cmc-sales/php/app/controllers/app_controller.php

<?php

/* App Controller */

class AppController extends Controller {

    var $components = array('RequestHandler');

    var $uses = array('User');
    var $helpers = array('Javascript', 'Time', 'Html', 'Form');
    
    // Define public actions that don't require authentication
    var $allowedActions = array();
    
    function beforeFilter() {
	
	// Check if current action is allowed without authentication
	if (in_array($this->action, $this->allowedActions)) {
	    error_log('[AUTH_BYPASS] Action ' . $this->action . ' allowed without authentication');
	    return;
	}

	$user = null;
	
	// Check if Tailscale authentication is enabled
	if (Configure::read('Tailscale.enabled')) {
		error_log('[WEBAUTH] Checking web authentication headers');
		error_log('X-Webauth-User: ' . (isset($_SERVER['HTTP_X_WEBAUTH_USER']) ? $_SERVER['HTTP_X_WEBAUTH_USER'] : 'not set'));
		error_log('X-Webauth-Name: ' . (isset($_SERVER['HTTP_X_WEBAUTH_NAME']) ? $_SERVER['HTTP_X_WEBAUTH_NAME'] : 'not set'));
	    // Check for web authentication headers
	    $tailscaleLogin = isset($_SERVER['HTTP_X_WEBAUTH_USER']) ? $_SERVER['HTTP_X_WEBAUTH_USER'] : null;
	    $tailscaleName = isset($_SERVER['HTTP_X_WEBAUTH_NAME']) ? $_SERVER['HTTP_X_WEBAUTH_NAME'] : null;
	    
	    if ($tailscaleLogin) {
		// Log web authentication attempt
		error_log('[WEBAUTH] Attempting authentication for: ' . $tailscaleLogin);
		
		// Try to find user by email address from web auth header
		$user = $this->User->find('first', array(
		    'recursive' => 0, 
		    'conditions' => array('User.email' => $tailscaleLogin)
		));
		
		// If user not found and auto-creation is enabled, create a new user
		if (!$user && Configure::read('Tailscale.autoCreateUsers')) {
		    // Parse the name
		    $firstName = '';
		    $lastName = '';
		    if ($tailscaleName) {
			$nameParts = explode(' ', $tailscaleName);
			$firstName = $nameParts[0];
			if (count($nameParts) > 1) {
			    array_shift($nameParts);
			    $lastName = implode(' ', $nameParts);
			}
		    }
		    
		    $userData = array(
			'User' => array(
			    'email' => $tailscaleLogin,
			    'username' => $tailscaleLogin,
			    'first_name' => $firstName,
			    'last_name' => $lastName,
			    'type' => 'user',
			    'access_level' => Configure::read('Tailscale.defaultAccessLevel'),
			    'enabled' => 1,
			    'by_vault' => 0
			)
		    );
		    $this->User->create();
		    if ($this->User->save($userData)) {
			$user = $this->User->find('first', array(
			    'recursive' => 0,
			    'conditions' => array('User.id' => $this->User->id)
			));
			error_log('[WEBAUTH] Created new user: ' . $tailscaleLogin);
		    } else {
			error_log('[WEBAUTH] Failed to create user: ' . $tailscaleLogin);
		    }
		}
	    }
	}
	
	// Fall back to HTTP basic auth if no Tailscale auth or user not found
	if (!$user && isset($_SERVER["PHP_AUTH_USER"])) {
	    error_log('[BASIC_AUTH] Attempting authentication for: ' . $_SERVER["PHP_AUTH_USER"]);
	    $user = $this->User->find('first', array(
		'recursive' => 0, 
		'conditions' => array('User.username' => $_SERVER["PHP_AUTH_USER"])
	    ));
	}
	
	if ($user) {
	    error_log('[AUTH_SUCCESS] User authenticated: ' . $user['User']['email']);
	} else {
	    error_log('[AUTH_FAILED] No valid authentication found');
	    
	    // Check if we have any authentication attempt (Web Auth or Basic Auth)
	    $hasAuthAttempt = (Configure::read('Tailscale.enabled') && isset($_SERVER['HTTP_X_WEBAUTH_USER'])) || 
			      isset($_SERVER["PHP_AUTH_USER"]);
	    
	    // If there was an authentication attempt but it failed, return 401
	    if ($hasAuthAttempt) {
		header('HTTP/1.1 401 Unauthorized');
		header('Content-Type: text/plain');
		echo "Authentication failed. Invalid credentials or user not found.";
		error_log('[AUTH_FAILED] Returning 401 Unauthorized');
		exit();
	    }
	    
	    // If no authentication headers at all, request authentication
	    header('WWW-Authenticate: Basic realm="CMC Sales System"');
	    header('HTTP/1.1 401 Unauthorized');
	    header('Content-Type: text/plain');
	    echo "Authentication required. Please provide valid credentials.";
	    error_log('[AUTH_FAILED] No authentication headers, requesting authentication');
	    exit();
	}
	
	$this->set("currentuser", $user);

	if($this->RequestHandler->isAjax()) {
	    Configure::write('debug', 0);
	}

    }


    /**
     * Check if the current logged in user is an admin
     * @return boolean
     */
    function isAdmin() {
	$currentuser = $this->getCurrentUser();
	if($currentuser['access_level'] == 'admin') {
	    return true;
	}
	else {
	    return false;
	}
    }


    function isManager() {
	$currentuser = $this->getCurrentUser();
	if($currentuser['access_level'] == 'manager') {
	    return true;
	}
	else {
	    return false;
	}
    }


    /**
     * Read the current logged in user.
     * @return array - the currently logged in user.
     */
    function getCurrentUser() {
	$user = null;
	
	// Check if Tailscale authentication is enabled
	if (Configure::read('Tailscale.enabled')) {
	    $tailscaleLogin = isset($_SERVER['HTTP_X_WEBAUTH_USER']) ? $_SERVER['HTTP_X_WEBAUTH_USER'] : null;
	    
	    if ($tailscaleLogin) {
		// Try to find user by email address from web auth header
		$user = $this->User->find('first', array(
		    'recursive' => 0, 
		    'conditions' => array('User.email' => $tailscaleLogin)
		));
	    }
	}
	
	// Fall back to HTTP basic auth if no Tailscale auth or user not found
	if (!$user && isset($_SERVER["PHP_AUTH_USER"])) {
	    $user = $this->User->find('first', array(
		'recursive' => 0, 
		'conditions' => array('User.username' => $_SERVER["PHP_AUTH_USER"])
	    ));
	}
	
	return $user;
    }

    /**
     * Return the id of the current user. False if not logged in.
     */
    function getCurrentUserID() {
	$currentuser = $this->getCurrentUser();
	if($currentuser) {
	    return $currentuser['User']['id'];
	}
	else {
	    return false;
	}
    }


    function calculateTotals($document, $gst) {
	$totals = array('subtotal'=>0, 'gst'=>0, 'total'=>0);


	foreach($document['LineItem'] as $lineitem) {
	    if($lineitem['option'] == 1) {
		$totals['subtotal'] = 'TBA';
		$totals['total'] = 'TBA';
		$totals['gst'] = 'TBA';
		return $totals;
	    }
	    else {
		$totals['subtotal'] += $lineitem['net_price'];
	    }
	}

	if($gst == 1) {
	    $totals['gst'] = 0.1*$totals['subtotal'];
	}
	$totals['total'] = $totals['gst'] + $totals['subtotal'];
	return $totals;

    }

    function unset_keys($array, $keys) {
	foreach($keys as $key ) {
	    $array[$key] = null;
	}
	return $array;
    }

    function unset_multiple_keys($array, $keys) {
	foreach($array as $index => $item) {
	    $array[$index]['id'] = null;
	    $array[$index]['document_id'] = null;
	    $array[$index]['costing_id'] = null;
	}
    }


     /**
     *
     * @param <type> $year
     * @param <type> $prevYear
     * @return <type>
     */
    function getFirstDayFY($year,$prevYear = false) {
	if($prevYear == false) {
	    return mktime(0,0,0,7,1,$year);

	}
	else {
	    return mktime(0,0,0,7,1,$year-1);
	}
    }
    /**
     *
     * @param <type> $year
     * @return <int>
     */
    function getLastDayFY($year) {
	return mktime(23,59,59,6,30,$year);

    }


}
?>
Random changes. Thinking of ditching Scriptaculous/Prototype for JQuery in future versions. Will try and focus on core functionality first, niceties later 2009-09-09 20:23:39 -07:00			`<?php`

Remove auth. Choose user based on nginx HTTP basic auth 2019-03-18 00:53:35 -07:00			`/* App Controller */`
Random changes. Thinking of ditching Scriptaculous/Prototype for JQuery in future versions. Will try and focus on core functionality first, niceties later 2009-09-09 20:23:39 -07:00
			`class AppController extends Controller {`

Remove auth. Choose user based on nginx HTTP basic auth 2019-03-18 00:53:35 -07:00			`var $components = array('RequestHandler');`
Random changes. Thinking of ditching Scriptaculous/Prototype for JQuery in future versions. Will try and focus on core functionality first, niceties later 2009-09-09 20:23:39 -07:00
Remove auth. Choose user based on nginx HTTP basic auth 2019-03-18 00:53:35 -07:00			`var $uses = array('User');`
User import completed. Removing the contact Class 2011-03-05 21:27:20 -08:00			`var $helpers = array('Javascript', 'Time', 'Html', 'Form');`
Change Tailscale auth header var name Add deploy-production.sh 2025-08-19 00:42:15 -07:00
			`// Define public actions that don't require authentication`
			`var $allowedActions = array();`

Added Cookie login. Seems to work OK 2010-01-10 15:34:31 -08:00			`function beforeFilter() {`
Change Tailscale auth header var name Add deploy-production.sh 2025-08-19 00:42:15 -07:00
			`// Check if current action is allowed without authentication`
			`if (in_array($this->action, $this->allowedActions)) {`
			`error_log('[AUTH_BYPASS] Action ' . $this->action . ' allowed without authentication');`
			`return;`
			`}`
Adding remember me login cookie 2010-01-10 10:05:04 -08:00
Add tailscale auth 2025-08-18 04:10:33 -07:00			`$user = null;`

			`// Check if Tailscale authentication is enabled`
			`if (Configure::read('Tailscale.enabled')) {`
Change Tailscale auth header var name Add deploy-production.sh 2025-08-19 00:42:15 -07:00			`error_log('[WEBAUTH] Checking web authentication headers');`
			`error_log('X-Webauth-User: ' . (isset($_SERVER['HTTP_X_WEBAUTH_USER']) ? $_SERVER['HTTP_X_WEBAUTH_USER'] : 'not set'));`
			`error_log('X-Webauth-Name: ' . (isset($_SERVER['HTTP_X_WEBAUTH_NAME']) ? $_SERVER['HTTP_X_WEBAUTH_NAME'] : 'not set'));`
			`// Check for web authentication headers`
			`$tailscaleLogin = isset($_SERVER['HTTP_X_WEBAUTH_USER']) ? $_SERVER['HTTP_X_WEBAUTH_USER'] : null;`
			`$tailscaleName = isset($_SERVER['HTTP_X_WEBAUTH_NAME']) ? $_SERVER['HTTP_X_WEBAUTH_NAME'] : null;`
Add tailscale auth 2025-08-18 04:10:33 -07:00
			`if ($tailscaleLogin) {`
Change Tailscale auth header var name Add deploy-production.sh 2025-08-19 00:42:15 -07:00			`// Log web authentication attempt`
			`error_log('[WEBAUTH] Attempting authentication for: ' . $tailscaleLogin);`
Fix php logging to STDERR so Docker logs work 2025-08-18 04:47:48 -07:00
Change Tailscale auth header var name Add deploy-production.sh 2025-08-19 00:42:15 -07:00			`// Try to find user by email address from web auth header`
Add tailscale auth 2025-08-18 04:10:33 -07:00			`$user = $this->User->find('first', array(`
			`'recursive' => 0,`
			`'conditions' => array('User.email' => $tailscaleLogin)`
			`));`

			`// If user not found and auto-creation is enabled, create a new user`
			`if (!$user && Configure::read('Tailscale.autoCreateUsers')) {`
			`// Parse the name`
			`$firstName = '';`
			`$lastName = '';`
			`if ($tailscaleName) {`
			`$nameParts = explode(' ', $tailscaleName);`
			`$firstName = $nameParts[0];`
			`if (count($nameParts) > 1) {`
			`array_shift($nameParts);`
			`$lastName = implode(' ', $nameParts);`
			`}`
			`}`

			`$userData = array(`
			`'User' => array(`
			`'email' => $tailscaleLogin,`
			`'username' => $tailscaleLogin,`
			`'first_name' => $firstName,`
			`'last_name' => $lastName,`
			`'type' => 'user',`
			`'access_level' => Configure::read('Tailscale.defaultAccessLevel'),`
			`'enabled' => 1,`
			`'by_vault' => 0`
			`)`
			`);`
			`$this->User->create();`
			`if ($this->User->save($userData)) {`
			`$user = $this->User->find('first', array(`
			`'recursive' => 0,`
			`'conditions' => array('User.id' => $this->User->id)`
			`));`
Change Tailscale auth header var name Add deploy-production.sh 2025-08-19 00:42:15 -07:00			`error_log('[WEBAUTH] Created new user: ' . $tailscaleLogin);`
Fix php logging to STDERR so Docker logs work 2025-08-18 04:47:48 -07:00			`} else {`
Change Tailscale auth header var name Add deploy-production.sh 2025-08-19 00:42:15 -07:00			`error_log('[WEBAUTH] Failed to create user: ' . $tailscaleLogin);`
Add tailscale auth 2025-08-18 04:10:33 -07:00			`}`
			`}`
			`}`
			`}`

			`// Fall back to HTTP basic auth if no Tailscale auth or user not found`
			`if (!$user && isset($_SERVER["PHP_AUTH_USER"])) {`
Fix php logging to STDERR so Docker logs work 2025-08-18 04:47:48 -07:00			`error_log('[BASIC_AUTH] Attempting authentication for: ' . $_SERVER["PHP_AUTH_USER"]);`
Add tailscale auth 2025-08-18 04:10:33 -07:00			`$user = $this->User->find('first', array(`
			`'recursive' => 0,`
			`'conditions' => array('User.username' => $_SERVER["PHP_AUTH_USER"])`
			`));`
			`}`

Fix php logging to STDERR so Docker logs work 2025-08-18 04:47:48 -07:00			`if ($user) {`
			`error_log('[AUTH_SUCCESS] User authenticated: ' . $user['User']['email']);`
			`} else {`
			`error_log('[AUTH_FAILED] No valid authentication found');`
Change Tailscale auth header var name Add deploy-production.sh 2025-08-19 00:42:15 -07:00
			`// Check if we have any authentication attempt (Web Auth or Basic Auth)`
			`$hasAuthAttempt = (Configure::read('Tailscale.enabled') && isset($_SERVER['HTTP_X_WEBAUTH_USER'])) \|\|`
			`isset($_SERVER["PHP_AUTH_USER"]);`

			`// If there was an authentication attempt but it failed, return 401`
			`if ($hasAuthAttempt) {`
			`header('HTTP/1.1 401 Unauthorized');`
			`header('Content-Type: text/plain');`
			`echo "Authentication failed. Invalid credentials or user not found.";`
			`error_log('[AUTH_FAILED] Returning 401 Unauthorized');`
			`exit();`
			`}`

			`// If no authentication headers at all, request authentication`
			`header('WWW-Authenticate: Basic realm="CMC Sales System"');`
			`header('HTTP/1.1 401 Unauthorized');`
			`header('Content-Type: text/plain');`
			`echo "Authentication required. Please provide valid credentials.";`
			`error_log('[AUTH_FAILED] No authentication headers, requesting authentication');`
			`exit();`
Fix php logging to STDERR so Docker logs work 2025-08-18 04:47:48 -07:00			`}`

Remove auth. Choose user based on nginx HTTP basic auth 2019-03-18 00:53:35 -07:00			`$this->set("currentuser", $user);`
Adding remember me login cookie 2010-01-10 10:05:04 -08:00
Remove auth. Choose user based on nginx HTTP basic auth 2019-03-18 00:53:35 -07:00			`if($this->RequestHandler->isAjax()) {`
Documents controller revising quotes OK 2011-08-11 22:46:26 -07:00			`Configure::write('debug', 0);`
			`}`
Added Cookie login. Seems to work OK 2010-01-10 15:34:31 -08:00
			`}`

Refactoring all users to a single class to improve the vault 2010-12-27 17:51:39 -08:00
			`/**`
			`* Check if the current logged in user is an admin`
			`* @return boolean`
			`*/`
			`function isAdmin() {`
			`$currentuser = $this->getCurrentUser();`
Vault finished, hopefully. 2011-03-09 23:18:26 -08:00			`if($currentuser['access_level'] == 'admin') {`
Refactoring all users to a single class to improve the vault 2010-12-27 17:51:39 -08:00			`return true;`
			`}`
			`else {`
			`return false;`
			`}`
			`}`

Added user access level restriction to viewing emails 2011-03-20 23:58:21 -07:00
Documents controller revising quotes OK 2011-08-11 22:46:26 -07:00			`function isManager() {`
Added user access level restriction to viewing emails 2011-03-20 23:58:21 -07:00			`$currentuser = $this->getCurrentUser();`
			`if($currentuser['access_level'] == 'manager') {`
			`return true;`
			`}`
			`else {`
			`return false;`
			`}`
			`}`


Refactoring all users to a single class to improve the vault 2010-12-27 17:51:39 -08:00			`/**`
			`* Read the current logged in user.`
			`* @return array - the currently logged in user.`
			`*/`
			`function getCurrentUser() {`
Add tailscale auth 2025-08-18 04:10:33 -07:00			`$user = null;`

			`// Check if Tailscale authentication is enabled`
			`if (Configure::read('Tailscale.enabled')) {`
Change Tailscale auth header var name Add deploy-production.sh 2025-08-19 00:42:15 -07:00			`$tailscaleLogin = isset($_SERVER['HTTP_X_WEBAUTH_USER']) ? $_SERVER['HTTP_X_WEBAUTH_USER'] : null;`
Add tailscale auth 2025-08-18 04:10:33 -07:00
			`if ($tailscaleLogin) {`
Change Tailscale auth header var name Add deploy-production.sh 2025-08-19 00:42:15 -07:00			`// Try to find user by email address from web auth header`
Add tailscale auth 2025-08-18 04:10:33 -07:00			`$user = $this->User->find('first', array(`
			`'recursive' => 0,`
			`'conditions' => array('User.email' => $tailscaleLogin)`
			`));`
			`}`
			`}`

			`// Fall back to HTTP basic auth if no Tailscale auth or user not found`
			`if (!$user && isset($_SERVER["PHP_AUTH_USER"])) {`
			`$user = $this->User->find('first', array(`
			`'recursive' => 0,`
			`'conditions' => array('User.username' => $_SERVER["PHP_AUTH_USER"])`
			`));`
			`}`

Fix issues in new enquiry logic 2019-04-06 04:16:13 -07:00			`return $user;`
Refactoring all users to a single class to improve the vault 2010-12-27 17:51:39 -08:00			`}`

			`/**`
			`* Return the id of the current user. False if not logged in.`
			`*/`
			`function getCurrentUserID() {`
			`$currentuser = $this->getCurrentUser();`
			`if($currentuser) {`
Fix bug in getCurrentUserID() 2019-04-06 17:36:25 -07:00			`return $currentuser['User']['id'];`
Refactoring all users to a single class to improve the vault 2010-12-27 17:51:39 -08:00			`}`
			`else {`
			`return false;`
			`}`
			`}`
PDF Quote generation pretty much done. Disabled AJAX pagination of enquiries to fix principle view 2011-05-24 02:11:07 -07:00


Documents controller revising quotes OK 2011-08-11 22:46:26 -07:00			`function calculateTotals($document, $gst) {`
PDF Quote generation pretty much done. Disabled AJAX pagination of enquiries to fix principle view 2011-05-24 02:11:07 -07:00			`$totals = array('subtotal'=>0, 'gst'=>0, 'total'=>0);`
Documents controller revising quotes OK 2011-08-11 22:46:26 -07:00
PDF Quote generation pretty much done. Disabled AJAX pagination of enquiries to fix principle view 2011-05-24 02:11:07 -07:00
			`foreach($document['LineItem'] as $lineitem) {`
			`if($lineitem['option'] == 1) {`
			`$totals['subtotal'] = 'TBA';`
			`$totals['total'] = 'TBA';`
			`$totals['gst'] = 'TBA';`
			`return $totals;`
			`}`
			`else {`
			`$totals['subtotal'] += $lineitem['net_price'];`
			`}`
			`}`

			`if($gst == 1) {`
			`$totals['gst'] = 0.1*$totals['subtotal'];`
			`}`
			`$totals['total'] = $totals['gst'] + $totals['subtotal'];`
			`return $totals;`

			`}`
jQuery-fying the Quote View Page 2010-02-16 19:34:17 -08:00
Documents controller revising quotes OK 2011-08-11 22:46:26 -07:00			`function unset_keys($array, $keys) {`
			`foreach($keys as $key ) {`
			`$array[$key] = null;`
			`}`
			`return $array;`
			`}`

			`function unset_multiple_keys($array, $keys) {`
			`foreach($array as $index => $item) {`
			`$array[$index]['id'] = null;`
			`$array[$index]['document_id'] = null;`
			`$array[$index]['costing_id'] = null;`
			`}`
			`}`


Implementing Shipment reports 2011-09-26 20:47:36 -07:00			`/**`
			`*`
			`* @param <type> $year`
			`* @param <type> $prevYear`
			`* @return <type>`
			`*/`
			`function getFirstDayFY($year,$prevYear = false) {`
			`if($prevYear == false) {`
			`return mktime(0,0,0,7,1,$year);`

			`}`
			`else {`
			`return mktime(0,0,0,7,1,$year-1);`
			`}`
			`}`
			`/**`
			`*`
			`* @param <type> $year`
			`* @return <int>`
			`*/`
			`function getLastDayFY($year) {`
			`return mktime(23,59,59,6,30,$year);`

			`}`

jQuery-fying the Quote View Page 2010-02-16 19:34:17 -08:00
Random changes. Thinking of ditching Scriptaculous/Prototype for JQuery in future versions. Will try and focus on core functionality first, niceties later 2009-09-09 20:23:39 -07:00
Adding remember me login cookie 2010-01-10 10:05:04 -08:00
Random changes. Thinking of ditching Scriptaculous/Prototype for JQuery in future versions. Will try and focus on core functionality first, niceties later 2009-09-09 20:23:39 -07:00			`}`
Fixed remember me cookie on login 2012-09-07 18:40:45 -07:00			`?>`