 /**
  * setCurrentUser() must overwrite id, name and groups, and each call must be
  * readable back through the matching getters.
  */
 public function testSetCurrentUser()
 {
     $subject = $this->object;
     // A fresh object carries no user at all: no groups, no id, no name.
     $this->assertEmpty($subject->getGroups());
     $this->assertEmpty($subject->getUserId());
     $this->assertEmpty($subject->getUserName());
     // Two successive assignments; the second must fully replace the first.
     $cases = array(
         array(1, 'test', array('x1', 'x2')),
         array(2, 'other test', array('a', 'b', 'c')),
     );
     foreach ($cases as $case) {
         list($userId, $userName, $groups) = $case;
         $subject->setCurrentUser($userId, $userName, $groups);
         $this->assertEquals($userId, $subject->getUserId());
         $this->assertEquals($userName, $subject->getUserName());
         $this->assertEquals($groups, $subject->getGroups());
     }
 }
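 /**
  * Ensures a session row and a request-object row exist for this request,
  * then optionally records the hit in the statistics.
  *
  * @param string     $p_sessionId    session identifier; must be non-empty
  * @param mixed      $p_objectId     by reference: overwritten with the id of a
  *                                   newly created request object when none existed
  * @param mixed|null $p_objectTypeId required only when the object has to be created
  * @param mixed|null $p_userId       user to bind to a newly created session
  * @param bool       $p_updateStats  when true, UpdateStats() is called at the end
  * @throws SessionIdNotSet    when $p_sessionId is empty
  * @throws InvalidUserId      when the stored session belongs to a different user
  * @throws ObjectTypeIdNotSet when the object must be created but no type was given
  * @throws ObjectIdNotSet     when the object exists but $p_objectId is empty
  */
 public static function Create($p_sessionId, &$p_objectId, $p_objectTypeId = null, $p_userId = null, $p_updateStats = false)
 {
     if (empty($p_sessionId)) {
         throw new SessionIdNotSet();
     }
     $session = new Session($p_sessionId);
     if (!$session->exists()) {
         // date() replaces strftime("%Y-%m-%d %T"): same layout, locale-independent,
         // and strftime() is deprecated since PHP 8.1.
         $sessionParams = array('start_time' => date('Y-m-d H:i:s'));
         if (!empty($p_userId)) {
             $sessionParams['user_id'] = $p_userId;
         }
         $session->create($sessionParams);
     }
     // A session already bound to another user must not be reused for this one.
     // Loose comparison is kept on purpose: the stored id may come back as a string.
     $sessionUserId = $session->getUserId();
     if (!empty($p_userId) && !empty($sessionUserId) && $sessionUserId != $p_userId) {
         throw new InvalidUserId();
     }
     $requestObject = new RequestObject($p_objectId);
     if (!$requestObject->exists()) {
         if (empty($p_objectTypeId)) {
             throw new ObjectTypeIdNotSet();
         }
         $requestObject->create(array('object_type_id' => $p_objectTypeId));
         // Hand the freshly generated id back to the caller through the reference.
         $p_objectId = $requestObject->getObjectId();
     } elseif (empty($p_objectId)) {
         throw new ObjectIdNotSet();
     }
     if ($p_updateStats) {
         self::UpdateStats($p_sessionId, $p_objectId);
     }
 }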
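 /**
  * Prepares the "new hour" form for a project.
  *
  * @param array $params must contain 'project_id'
  */
 function new_form($params)
 {
     // empty() covers both a missing key and a blank value without an undefined-index notice.
     if (empty($params['project_id'])) {
         bail('Required parameter "project_id" is missing.');
     }
     $project = new Project($params['project_id']);
     $this->options = array('project_id' => $project->id, 'title' => $project->getName());
     $hour = new Hour();
     $hour->set(array('staff_id' => Session::getUserId(), 'date' => date('Y-m-d')));
     $this->data = $hour;
 }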
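 /**
  * Loads a support contract together with the forms and hour totals its page shows.
  *
  * @param array $params must contain 'id', the support contract id
  */
 function show($params)
 {
     // Guard clause instead of a ternary used for its side effect; bail() is the
     // same helper the sibling actions call.
     if (empty($params['id'])) {
         bail('required parameter $params["id"] missing.');
     }
     $d = $this->data;
     $d->contract = new SupportContract($params['id']);
     $today = date('Y-m-d');
     $d->new_hour = new Hour();
     $d->new_hour->set(array('staff_id' => Session::getUserId(), 'date' => $today, 'support_contract_id' => $params['id']));
     $d->new_charge = new Charge();
     $d->new_charge->set(array('date' => $today, 'company_id' => $d->contract->get('company_id')));
     $d->hours = $d->contract->getHours(array_merge(array('sort' => 'date DESC'), $this->search_params('hour_search')));
     // Both month totals use the same window; build it once.
     $thisMonth = array('date_range' => array('start_date' => Util::start_date_of_current_month(), 'end_date' => Util::end_date_of_current_month()));
     $d->total_hours_this_month = $d->contract->getTotalHours($thisMonth);
     $d->billable_hours_this_month = $d->contract->getBillableHours($thisMonth);
 }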
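 /**
  * Loads one hour record, its support contract, the contract's other hours and
  * an empty Hour pre-filled for the "add hour" form.
  *
  * @param array $params must contain 'id', the hour id
  */
 function show($params)
 {
     // empty() avoids an undefined-index notice when 'id' was never sent.
     if (empty($params['id'])) {
         bail('Required $params["id"] not present.');
     }
     $d = $this->data;
     $d->hour = new Hour($params['id']);
     $d->support_contract = new SupportContract($d->hour->get('support_contract_id'));
     $contractId = $d->support_contract->id;
     $d->support_hours = Hour::getMany(array('support_contract_id' => $contractId, 'sort' => 'date DESC'));
     $d->new_hour = new Hour();
     $d->new_hour->set(array('support_contract_id' => $contractId, 'staff_id' => Session::getUserId(), 'date' => date('Y-m-d')));
 }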
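 /**
  * Decides whether the current user may run the requested files action.
  *
  * Admins may do anything on the resource; ordinary users may list, fetch and
  * create, and may delete only files they own. The file id arrives encrypted
  * in the request data.
  *
  * @return bool
  */
 public function isAuthorized()
 {
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     $resource = "files";
     //only for admins
     Permission::allow('admin', $resource, ['*']);
     //only for normal users
     Permission::allow('user', $resource, ['index', 'getAll', 'create']);
     Permission::allow('user', $resource, ['delete'], 'owner');
     // Decrypt only when an id was actually sent, as the other isAuthorized()
     // hooks do; actions without a file_id otherwise hand null to the decryptor.
     $fileId = $this->request->data("file_id");
     if (!empty($fileId)) {
         $fileId = Encryption::decryptIdWithDash($fileId);
     }
     $config = ["user_id" => Session::getUserId(), "table" => "files", "id" => $fileId];
     return Permission::check($role, $resource, $action, $config);
 }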
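 /**
  * Loads an estimate, its project and the forms and lists shown on its page.
  *
  * @param array $params must contain 'id', the estimate id
  */
 function show($params)
 {
     // empty() avoids an undefined-index notice when 'id' was never sent.
     if (empty($params['id'])) {
         bail('Required parameter "id" is not present.');
     }
     $estimateId = $params['id'];
     $d = $this->data;
     $d->estimate = new Estimate($estimateId);
     $d->project = new Project($d->estimate->get('project_id'));
     $d->new_hour = new Hour();
     $d->new_hour->set(array('estimate_id' => $estimateId, 'staff_id' => Session::getUserId(), 'date' => date('Y-m-d')));
     $d->new_estimate = new Estimate();
     $d->new_estimate->set(array('project_id' => $d->project->id));
     $d->estimates = $d->project->getEstimates();
     $d->hours = getMany('Hour', array('estimate_id' => $estimateId, 'sort' => 'date DESC'));
 }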
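 /**
  * Checks whether the user's master password is up to date with the
  * currently configured one.
  *
  * @param string|null $login optional login; defaults to the session user
  * @return bool true when the user's last master-password update is newer
  *              than the configured 'lastupdatempass' value
  */
 public static function checkUserUpdateMPass($login = null)
 {
     $userId = !is_null($login) ? UserUtil::getUserIdByLogin($login) : Session::getUserId();
     // Strict comparison: only an integer 0 is treated as "no user" here.
     if ($userId === 0) {
         return false;
     }
     $configMPassTime = ConfigDB::getValue('lastupdatempass');
     if ($configMPassTime === false) {
         return false;
     }
     $query = 'SELECT user_lastUpdateMPass FROM usrData WHERE user_id = :id LIMIT 1';
     // Bound-parameter array built explicitly instead of autovivifying $data.
     $data = array('id' => $userId);
     $queryRes = DB::getResults($query, __FUNCTION__, $data);
     return $queryRes !== false && $queryRes->user_lastUpdateMPass > $configMPassTime;
 }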
 /**
  * Decides whether the current user may run the requested todo action.
  *
  * Admins may do anything on the resource; ordinary users may only delete
  * todos they own. The todo id arrives encrypted in the request data.
  *
  * @return bool
  */
 public function isAuthorized()
 {
     $resource = "todo";
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     Permission::allow('admin', $resource, ['*']);
     Permission::allow('user', $resource, ['delete'], 'owner');
     $encryptedId = $this->request->data("todo_id");
     $todoId = empty($encryptedId) ? $encryptedId : Encryption::decryptIdWithDash($encryptedId);
     $ownership = [
         "user_id" => Session::getUserId(),
         "table" => "todo",
         "id" => $todoId,
     ];
     return Permission::check($role, $resource, $action, $ownership);
 }
 /**
  * Populates $this->data for the staff overview.
  *
  * Without an 'id' the page covers every active staff member for a date range
  * (the explicit start_date/end_date pair, or the current week); with an 'id'
  * it covers one staff member's hours, totals and new-record forms.
  *
  * @param array $params request parameters: optional 'id', 'start_date', 'end_date'
  */
 function show($params = array())
 {
     $d = $this->data;
     if (isset($params['id']) && $params['id']) {
         $d->active_projects = getMany('Project', array('active' => true));
         $member = new Staff($params['id']);
         $d->staff = $member;
         $d->staff_hours = $member->getHours();
         $monthCriteria = array('current_month' => true);
         $d->hours_this_month = $member->getHoursTotal($monthCriteria);
         $d->billable_hours_this_month = $member->getBillableHoursTotal($monthCriteria);
         $weekCriteria = array('current_week' => true);
         $d->hours_this_week = $member->getHoursTotal($weekCriteria);
         $d->billable_hours_this_week = $member->getBillableHoursTotal($weekCriteria);
         $d->new_project = new Project();
         $d->new_project->set(array('staff_id' => Session::getUserId()));
         $d->new_support_hour = new Hour();
         $d->new_support_hour->set(array('staff_id' => Session::getUserId(), 'date' => date('Y-m-d')));
         $d->graph = array('staff' => $member->id, 'call' => 'overview');
         return;
     }
     $members = getAll('Staff');
     if (isset($params['start_date']) && isset($params['end_date'])) {
         $range = array('start_date' => $params['start_date'], 'end_date' => $params['end_date']);
         $criteria = array('hour_search' => $range);
         $d->dates = $range;
     } else {
         $criteria = array('current_week' => true);
         $d->dates = array('start_date' => date('Y-m-d', strtotime('last Sunday')), 'end_date' => date('Y-m-d', strtotime('next Sunday')));
     }
     foreach ($members as $member) {
         if (!$member->get('active')) {
             continue;
         }
         // Lazily initialised: with no active member these properties stay unset.
         if (!isset($d->billable_hours_this_week)) {
             $d->staff = array();
             $d->billable_hours_this_week = array();
         }
         if (!isset($d->total_hours_this_week)) {
             $d->staff = array();
             $d->total_hours_this_week = array();
         }
         $memberId = $member->get('id');
         $d->staff[$memberId] = $member->getName();
         $d->billable_hours_this_week[$memberId] = $member->getBillableHoursTotal($criteria);
         $d->total_hours_this_week[$memberId] = $member->getHoursTotal($criteria);
     }
 }
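 /**
  * Loads a company and seeds the empty models behind the page's "new …" forms.
  *
  * @param array $params must contain 'id', the company id
  */
 function show($params)
 {
     if (empty($params['id'])) {
         bail('No company selected.');
     }
     $companyId = $params['id'];
     $d = $this->data;
     $d->company = new Company($companyId);
     // Resolve the session user and today's date once so every seeded model agrees.
     $userId = Session::getUserId();
     $today = date('Y-m-d');
     $d->new_project = new Project();
     $d->new_project->set(array('company_id' => $companyId, 'staff_id' => $userId));
     $d->new_note = new Note();
     $d->new_note->set(array('date' => $today, 'staff_id' => $userId, 'company_id' => $companyId));
     $d->new_charge = new Charge();
     $d->new_charge->set(array('date' => $today, 'company_id' => $companyId));
     $d->new_payment = new Payment();
     $d->new_payment->set(array('date' => $today, 'company_id' => $companyId));
     $d->new_invoice = new Invoice();
     $d->new_invoice->set(array('company_id' => $companyId));
     $d->new_contact = new Contact();
     $d->new_contact->set(array('company_id' => $companyId));
 }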
 /**
  * Private constructor. Ensures there is always an owner group and user.
  *
  * @internal
  *
  * @param string $environment (optional)
  * @param array  $context
  */
 private function __construct($environment = '', array $context = [])
 {
     $this->setEnvironment($environment, $context);
     $this->handlers = Application::getAuthorizationHandlers();
     foreach ($this->handlers as $authHandler) {
         $authHandler->handleContext($this->context);
     }
     $ctx =& $this->context;
     // Fall back to the session user when no handler supplied a requesting user.
     if (!isset($ctx['request_user_id'])) {
         $ctx['request_user_id'] = Session::getUserId();
     }
     // Still guarded: if the session yielded null, isset() is false and isLoggedIn stays untouched.
     if (isset($ctx['request_user_id'])) {
         $this->isLoggedIn = $ctx['request_user_id'] > 0;
     }
     // -1 marks "no owner" for both ids.
     foreach (['owner_user_id', 'owner_group_id'] as $ownerKey) {
         if (!isset($ctx[$ownerKey])) {
             $ctx[$ownerKey] = -1;
         }
     }
     unset($ctx);
 }
<?php

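$notifications = $this->controller->user->getNotifications(Session::getUserId());
// Unread counters shown in the navbar. Only these three names may be written
// by the loop below.
$newsfeed = $posts = $files = "";
$counterNames = array('newsfeed', 'posts', 'files');
foreach ($notifications as $notification) {
    // The target name comes from the database; restrict the variable-variable
    // write to the known counters instead of letting it overwrite any template variable.
    if ($notification["count"] > 0 && in_array($notification["target"], $counterNames, true)) {
        ${$notification["target"]} = $notification["count"];
    }
}
$info = $this->controller->user->getProfileInfo(Session::getUserId());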
?>

		<!-- Navigation -->
        <nav class="navbar navbar-default navbar-static-top" role="navigation" style="margin-bottom: 0">
            <div class="navbar-header">
                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
                    <span class="sr-only">Toggle navigation</span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                    <span class="icon-bar"></span>
                </button>
                
            </div>
            <!-- /.navbar-header -->
			
            <ul class="nav navbar-top-links navbar-right">
                <li class="dropdown">
                    <a class="dropdown-toggle" data-toggle="dropdown" href="#">
                        Hello,<strong> <?php 
echo $info["name"];
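 /**
  * Validates the CSRF token sent with the current request.
  *
  * The token is read from POST data for POST requests and from the query
  * string otherwise, and compared in constant time against the token held
  * in the session. Requests with a missing, non-string or mismatching token
  * are logged and rejected.
  *
  * @param array $config configuration data; accepted for signature
  *                      compatibility, not read by this method
  * @return bool true when the submitted token matches the session token
  */
 public function CsrfToken($config = [])
 {
     $userToken = $this->request->isPost()
         ? $this->request->data('csrf_token')
         : $this->request->query('csrf_token');
     $sessionToken = Session::getCsrfToken();
     // hash_equals() needs two strings; anything else is rejected before the compare.
     $valid = is_string($userToken) && $userToken !== ''
         && is_string($sessionToken) && hash_equals($sessionToken, $userToken);
     if (!$valid) {
         $shown = is_string($userToken) ? $userToken : gettype($userToken);
         // NOTE(review): the user part of this log line was garbled on the page;
         // rebuilt with Session::getUserId(), which the surrounding examples use.
         Logger::log("CSRF Attack", "User: " . Session::getUserId() . " provided invalid CSRF Token " . $shown, __FILE__, __LINE__);
         return false;
     }
     return true;
 }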
 /**
  * Logs the current user out and sends them to the login page.
  */
 public function logOut()
 {
     $currentUserId = Session::getUserId();
     $this->login->logOut($currentUserId);
     Redirector::login();
 }
 /**
  * Decides whether the current user may run the requested posts action.
  *
  * Admins may do anything; ordinary users may list, view, create and fetch
  * posts, and may update, delete or fetch the update form only for posts
  * they own. The post id is passed on from the request data as sent.
  *
  * @return bool
  */
 public function isAuthorized()
 {
     $resource = "posts";
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     $adminActions = ['*'];
     $userActions = ['index', 'view', 'newPost', 'getAll', 'getById', 'create'];
     $ownerActions = ['update', 'delete', 'getUpdateForm'];
     Permission::allow('admin', $resource, $adminActions);
     Permission::allow('user', $resource, $userActions);
     Permission::allow('user', $resource, $ownerActions, 'owner');
     $ownership = [
         "user_id" => Session::getUserId(),
         "table" => "posts",
         "id" => $this->request->data("post_id"),
     ];
     return Permission::check($role, $resource, $action, $ownership);
 }
 /**
  * Returns the visual theme chosen by the current user.
  *
  * @return string the theme name, or an empty string when nobody is logged in
  */
 private function getUserTheme()
 {
     $userId = Session::getUserId();
     if ($userId > 0) {
         return UserPreferences::getPreferences($userId)->getTheme();
     }
     return '';
 }
	of the authors and should not be interpreted as representing official policies,
	either expressed or implied, of the NAS4Free Project.
*/
// Configure page permission: the password page is open to ordinary users.
$pgperm['allowuser'] = true;
require "auth.inc";
require "guiconfig.inc";
require "email.inc";
$pgtitle = array(gettext("System"), gettext("Password"));
// Guarantee the user list exists and is an array before taking a reference to it.
if (!isset($config['access']['user']) || !is_array($config['access']['user'])) {
    $config['access']['user'] = array();
}
$a_user =& $config['access']['user'];
// Get user configuration. Ensure current logged in user is available,
// otherwise exit immediately.
$cnid = array_search_ex(Session::getUserId(), $a_user, "id");
if ($cnid === false) {
    header('Location: logout.php');
    exit;
}
if ($_POST) {
    unset($input_errors);
    $reqdfields = explode(" ", "password_old password_new password_confirm");
    $reqdfieldsn = array(gettext("Old password"), gettext("Password"), gettext("Password (confirmed)"));
    $reqdfieldst = explode(" ", "password password password");
    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
    do_input_validation_type($_POST, $reqdfields, $reqdfieldsn, $reqdfieldst, $input_errors);
    // Validate old password.
    if ($_POST['password_old'] !== $a_user[$cnid]['password']) {
        $input_errors[] = gettext("The old password is not correct.");
    }
    // Validate new password.
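 /**
  * Decides whether the current user may run the requested posts action.
  *
  * Admins may do anything; ordinary users may list, view and create, and may
  * update or delete only posts they own. For delete the encrypted post id is
  * the first routing argument, otherwise it is read from the request data.
  *
  * @return bool
  */
 public function isAuthorized()
 {
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     $resource = "posts";
     // only for admins
     Permission::allow('admin', $resource, ['*']);
     // only for normal users
     Permission::allow('user', $resource, ['index', 'view', 'newPost', 'create']);
     Permission::allow('user', $resource, ['update', 'delete'], 'owner');
     if ($action === "delete") {
         // A delete without a routing argument must not raise an undefined-offset
         // notice; an empty id is handed to Permission::check() as before.
         $args = $this->request->param("args");
         $postId = isset($args[0]) ? $args[0] : null;
     } else {
         $postId = $this->request->data("post_id");
     }
     if (!empty($postId)) {
         $postId = Encryption::decryptId($postId);
     }
     $config = ["user_id" => Session::getUserId(), "table" => "posts", "id" => $postId];
     return Permission::check($role, $resource, $action, $config);
 }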
 /**
  * Sends a bug / feature / enhancement report to the admin by e-mail and
  * echoes the rendered outcome (errors or a success message).
  */
 public function reportBug()
 {
     $request = $this->request;
     $sent = $this->user->reportBug(
         Session::getUserId(),
         $request->data("subject"),
         $request->data("label"),
         $request->data("message")
     );
     if ($sent) {
         echo $this->view->renderSuccess("Email has been sent successfully, We will consider your report.");
         return;
     }
     echo $this->view->renderErrors($this->user->errors());
 }
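 /**
  * Writes a new event to the event log.
  *
  * @param bool $resetDescription clear the accumulated description after writing
  * @return mixed false when logging is disabled, otherwise the result of DB::getQuery()
  */
 public function writeLog($resetDescription = false)
 {
     if (defined('IS_INSTALLER') && IS_INSTALLER === 1) {
         error_log('Action: ' . $this->getAction() . ' -- Description: ' . $this->getDescription());
     }
     if (!Util::logIsEnabled()) {
         return false;
     }
     $query = 'INSERT INTO log SET '
         . 'log_date = UNIX_TIMESTAMP(),'
         . 'log_login = :login,'
         . 'log_userId = :userId,'
         . 'log_ipAddress = :ipAddress,'
         . 'log_action = :action,'
         . 'log_description = :description';
     // Bound parameters built explicitly instead of autovivifying $data.
     $data = array(
         'login' => Session::getUserLogin(),
         'userId' => Session::getUserId(),
         // REMOTE_ADDR is absent outside a web request (e.g. CLI); pass null without a notice.
         'ipAddress' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null,
         'action' => $this->getAction(),
         'description' => $this->getDescription(),
     );
     if ($resetDescription === true) {
         $this->resetDescription();
     }
     return DB::getQuery($query, __FUNCTION__, $data);
 }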
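 /**
  * Migrates the users from phpPMS.
  *
  * Reads every user except the one running the migration, inserts each one
  * through insertUsers() and writes a summary entry to the log. Nothing is
  * returned; progress is reported only through the log.
  *
  * @throws SPException when the source query fails
  */
 private static function migrateUsers()
 {
     $columns = array(
         'intUserId', 'vacUName', 'intUGroupFid', 'vacULogin', 'vacUPassword', 'vacUEmail',
         'txtUNotes', 'intUCount', 'intUProfile', 'datULastLogin', 'blnIsAdminApp',
         'blnIsAdminAcc', 'vacUserMPwd', 'vacUserMIv', 'datULastUpdate',
         'datUserLastUpdateMPass', 'blnFromLdap', 'blnDisabled',
     );
     // The session user id is spliced into the SQL text, so it is forced to an
     // integer first; every other part of the statement is a constant.
     $query = 'SELECT ' . implode(',', $columns) . ' FROM users WHERE intUserId <> ' . (int) Session::getUserId();
     $totalRecords = 0;
     $num = 0;
     try {
         foreach (self::$_dbc->query($query) as $row) {
             if (self::insertUsers($row)) {
                 $num++;
             }
             $totalRecords++;
         }
     } catch (\PDOException $e) {
         throw new SPException(SPException::SP_CRITICAL, _('Error al obtener los usuarios'), self::$_dbc->error);
     }
     $log = new Log(_('Importar Usuarios'));
     $log->addDescription('OK');
     $log->addDescription(_('Registros') . ': ' . $num . '/' . $totalRecords);
     $log->writeLog();
 }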
		
			<div dir='auto' class="panel-heading">
				<?php 
// Edit/delete controls are rendered only for the post's owner or an admin;
// the owner check casts the stored user_id so the strict comparison holds.
if (Session::getUserId() === (int) $post["user_id"] || Session::getUserRole() === "admin") {
    ?>
					<div class="pull-right">
						<a href="<?php 
    // Encrypted id and CSRF token are URL-encoded for the href attribute.
    echo PUBLIC_ROOT . "Posts/View/" . urlencode(Encryption::encryptId($post["id"])) . "?action=update";
    ?>
">
							<button type="button" class="btn btn-default btn-circle edit"><i class="fa fa-pencil"></i></button>
						</a>
						<a href="<?php 
    echo PUBLIC_ROOT . "Posts/delete/" . urlencode(Encryption::encryptId($post["id"])) . "?csrf_token=" . urlencode(Session::generateCsrfToken());
    ?>
">
							<button type="button" class="btn btn-danger btn-circle delete"><i class="fa fa-times"></i></button>
						</a>
					</div>
				<?php 
}
?>
				<h5><?php 
// NOTE(review): $post["title"] is echoed into HTML without htmlspecialchars();
// confirm it is escaped before storage, otherwise escape it here for the HTML context.
echo $post["title"];
?>
</h5>
			</div>
			
			<div class="panel-body">
				<div class="row">
					<div class="col-lg-12">
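 /**
  * Prepares an empty Bookmark for the "new bookmark" form, pre-filled with the
  * current user and any source/description passed in the request.
  *
  * @param array $params optional 'source' and 'description'
  */
 function new_form($params)
 {
     $bookmark = new Bookmark();
     // Missing keys become null instead of raising an undefined-index notice.
     $bookmark->set(array(
         'staff_id' => Session::getUserId(),
         'source' => isset($params['source']) ? $params['source'] : null,
         'description' => isset($params['description']) ? $params['description'] : null,
     ));
     $this->data->bookmark = $bookmark;
 }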
 /**
  * Deletes a user.
  *
  * The target id arrives encrypted in the request data. When it does not
  * resolve to an existing user a 404 response is returned; otherwise the
  * deletion is performed on behalf of the session user and a JSON success
  * payload is rendered.
  */
 public function deleteUser()
 {
     $targetId = Encryption::decryptIdWithDash($this->request->data("user_id"));
     if ($this->user->exists($targetId)) {
         $this->admin->deleteUser(Session::getUserId(), $targetId);
         $this->view->renderJson(array("success" => true));
         return;
     }
     return $this->error(404);
 }
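 /**
  * Checks whether the current user is logged in.
  *
  * A valid session (bound to the client IP and user agent) wins; otherwise a
  * valid cookie rebuilds the session from the cookie's user and is then
  * rotated, since a cookie token is usable only once.
  *
  * @return bool
  */
 private function loggedIn()
 {
     $clientIp = $this->request->clientIp();
     $userAgent = $this->request->userAgent();
     if (Session::isSessionValid($clientIp, $userAgent)) {
         return true;
     }
     if (!Cookie::isCookieValid()) {
         return false;
     }
     $cookieUserId = Cookie::getUserId();
     // Cookies carry no role, so it is looked up from the user record.
     $role = $this->controller->user->getProfileInfo($cookieUserId)["role"];
     Session::reset(["user_id" => $cookieUserId, "role" => $role, "ip" => $clientIp, "user_agent" => $userAgent]);
     // Rotate the cookie token: each one is valid for a single use.
     Cookie::reset(Session::getUserId());
     return true;
 }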
 /**
  * Adds an account from an imported file.
  *
  * A missing or zero user / user-group id is replaced by the session's user
  * and group before the Account is built from this importer's fields.
  *
  * @return bool
  */
 protected function addAccount()
 {
     $userId = $this->getUserId();
     if ($userId === null || $userId === 0) {
         $this->setUserId(Session::getUserId());
     }
     $groupId = $this->getUserGroupId();
     if ($groupId === null || $groupId === 0) {
         $this->setUserGroupId(Session::getUserGroupId());
     }
     $account = new Account();
     $account->setAccountName($this->getAccountName());
     $account->setAccountCustomerId($this->getCustomerId());
     $account->setAccountCategoryId($this->getCategoryId());
     $account->setAccountLogin($this->getAccountLogin());
     $account->setAccountUrl($this->getAccountUrl());
     $account->setAccountPass($this->getAccountPass());
     $account->setAccountIV($this->getAccountPassIV());
     $account->setAccountNotes($this->getAccountNotes());
     // Read back through the getters so the fallbacks applied above are used.
     $account->setAccountUserId($this->getUserId());
     $account->setAccountUserGroupId($this->getUserGroupId());
     return $account->createAccount();
 }
 /**
  * Decides whether the current user may run the requested newsfeed action.
  *
  * Admins may do anything; ordinary users may list, fetch and create, and may
  * update, delete or fetch the update form only for entries they own. The
  * newsfeed id arrives encrypted in the request data.
  *
  * @return bool
  */
 public function isAuthorized()
 {
     $resource = "newsfeed";
     $action = $this->request->param('action');
     $role = Session::getUserRole();
     Permission::allow('admin', $resource, ['*']);
     Permission::allow('user', $resource, ['index', 'getAll', 'getById', 'create']);
     Permission::allow('user', $resource, ['update', 'delete', 'getUpdateForm'], 'owner');
     $encryptedId = $this->request->data("newsfeed_id");
     $newsfeedId = empty($encryptedId) ? $encryptedId : Encryption::decryptIdWithDash($encryptedId);
     $ownership = [
         "user_id" => Session::getUserId(),
         "table" => "newsfeed",
         "id" => $newsfeedId,
     ];
     return Permission::check($role, $resource, $action, $ownership);
 }
 /**
  * Sends a bug / feature / enhancement report to the admin by e-mail, stores
  * the outcome in the session and redirects back to the bugs page.
  */
 public function reportBug()
 {
     $request = $this->request;
     $sent = $this->user->reportBug(
         Session::getUserId(),
         $request->data("subject"),
         $request->data("label"),
         $request->data("message")
     );
     if ($sent) {
         Session::set('report-bug-success', "Email has been sent successfully, We will consider your report.");
     } else {
         Session::set('report-bug-errors', $this->user->errors());
     }
     return $this->redirector->root("User/Bugs");
 }
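 /**
  * Creates the <Meta> node describing the XML export (generator, version,
  * time, exporting user and group) and attaches it to the root element.
  *
  * @throws SPException wrapping any DOMException raised while building the node
  */
 private function createMeta()
 {
     try {
         $xml = $this->_xml;
         $nodeMeta = $xml->createElement('Meta');
         $metaGenerator = $xml->createElement('Generator', 'sysPass');
         $metaVersion = $xml->createElement('Version', implode('.', Util::getVersion()));
         // DOMDocument takes strings; explicit casts keep the int-to-text
         // conversion visible and avoid a TypeError under strict_types.
         $metaTime = $xml->createElement('Time', (string) time());
         $metaUser = $xml->createElement('User', Session::getUserLogin());
         $metaUser->setAttribute('id', (string) Session::getUserId());
         $metaGroup = $xml->createElement('Group', Session::getUserGroupName());
         $metaGroup->setAttribute('id', (string) Session::getUserGroupId());
         foreach (array($metaGenerator, $metaVersion, $metaTime, $metaUser, $metaGroup) as $child) {
             $nodeMeta->appendChild($child);
         }
         $this->_root->appendChild($nodeMeta);
     } catch (\DOMException $e) {
         throw new SPException(SPException::SP_WARNING, $e->getMessage(), __FUNCTION__);
     }
 }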