Example #1
 /**
  * Builds the list of User objects whose lab_config_id matches this object's id,
  * ordered by username.
  *
  * DbUtil::switchToGlobal() is called before the query and its return value is
  * handed back to DbUtil::switchRestore() once the rows have been converted.
  *
  * NOTE(review): $this->id is placed in the SQL text unquoted and unescaped.
  * Nothing visible here shows where the id originates; confirm it is always a
  * server-generated integer, or cast/bind it before it reaches the query.
  *
  * @return array User objects, or an empty array when the query yields nothing
  */
 public function getUsers()
 {
     $previousDb = DbUtil::switchToGlobal();
     $users = array();
     $sql = "SELECT u.* FROM user u WHERE lab_config_id={$this->id} ORDER BY u.username";
     $rows = query_associative_all($sql, $row_count);
     // Loose comparison kept on purpose: null and an empty result are both skipped
     if ($rows != null) {
         foreach ($rows as $row) {
             $users[] = User::getObject($row);
         }
     }
     DbUtil::switchRestore($previousDb);
     return $users;
 }
Example #2
     } else {
         $auth_message .= "| Incoming or outgoing counter is missing; counters not updated. ";
     }
     if ($_REQUEST['stage'] == STAGE_LOGOUT) {
         $authenticator->logout($info['conn_id']);
         $auth_message .= "| User is now logged out. ";
     }
     if ($_REQUEST['stage'] == STAGE_COUNTERS) {
         if ($info['token_status'] == TOKEN_INUSE) {
             /* This is for the 15 minutes validation period, the exact same code is also present when the stage is login.  If you update this one don't forget to update the other one! */
             if ($info['account_status'] == ACCOUNT_STATUS_VALIDATION && $info['validation_grace_time_expired'] == 't') {
                 $auth_response = ACCOUNT_STATUS_VALIDATION_FAILED;
                 $auth_message .= "| The validation grace period which began at " . $info['reg_date'] . " has now expired. ";
             } else {
                 /* TODO:  This is a bit hackish, it's a shortcut untill the Token architecture uniform connection limit calculations are in place. */
                 $abuseControlFault = User::isAbuseControlViolated(User::getObject($info['user_id']), $info['user_mac'], Node::getObject($info['node_id']));
                 if ($abuseControlFault) {
                     $auth_response = ACCOUNT_STATUS_DENIED;
                     $auth_message .= "| {$abuseControlFault} ";
                     $authenticator->logout($info['conn_id']);
                     $auth_message .= "| User is now logged out. ";
                 } else {
                     $auth_response = $info['account_status'];
                 }
             }
         } else {
             $auth_response = ACCOUNT_STATUS_DENIED;
             $auth_message .= "| Invalid token status: " . $token_to_text[$info['token_status']] . ". ";
         }
     }
 } else {
Example #3
require_once 'classes/Session.php';
// Fetch the template engine and database handles through their getObject() accessors.
$smarty = SmartyWifidog::getObject();
$db = AbstractDb::getObject();
// Init vars
// Both remain null unless the request processing below resolves a user and that user's first profile.
$profile_user = null;
$profile = null;
// Init session
$session = Session::getObject();
// Get the current user
// NOTE(review): $current_user is fetched here but the visible request handling never compares it
// with the requested user_id; confirm that any access check on the profile happens further down.
$current_user = User::getCurrentUser();
/*
 * Start general request parameter processing section
 */
if (!empty($_REQUEST['user_id'])) {
    try {
        $profile_user = User::getObject($_REQUEST['user_id']);
        if (!empty($profile_user)) {
            $profiles = $profile_user->getAllProfiles();
            if (!empty($profiles)) {
                $profile = $profiles[0];
            }
        }
    } catch (Exception $e) {
        $ui = MainUI::getObject();
        $ui->displayError($e->getMessage());
        exit;
    }
} else {
    $ui = MainUI::getObject();
    $ui->displayError(_("No user id specified!"));
    exit;
Example #4
 /** Retrieves the user interface of this object.  Anything that overrides this method should call the parent method with its output at the END of processing.
  * @return The HTML fragment for this interface */
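 public function getUserUI()
 {
     // Builds two fragments: the "shout" form (only when a real node is detected) and the
     // list of messages stored for the current node. The list is handed to
     // setUserUIMainDisplayContent() and the final markup comes from Content::getUserUI().
     $real_node = Node::getCurrentRealNode();
     //For production
     //$real_node = Node::getCurrentNode();//For testing
     $node = Node::getCurrentNode();
     $formHtml = null;
     if ($real_node) {
         $formHtml .= "<form action='" . BASE_URL_PATH . "content/ShoutBox/add_message.php'>\n";
         // Ids land inside single-quoted attributes, so encode them for that context
         // (defence in depth; the node id is already treated as needing escaping for SQL below).
         $formHtml .= "<input type='hidden' name='shoutbox_id' value='" . htmlspecialchars((string) $this->getId(), ENT_QUOTES, 'UTF-8') . "'/>\n";
         //$html .= "destination_url: ";pretty_print_r($_SERVER);
         $maxShoutChars = $this->getMaxShoutChars();
         $shoutFieldSize = $this->getShoutFieldSize();
         if ($maxShoutChars > 0) {
             $max_size = "maxlength='{$maxShoutChars}'";
             // The visible field is never wider than the maximum message length
             if ($maxShoutChars <= $shoutFieldSize) {
                 $size = "size='{$maxShoutChars}'";
             } else {
                 $size = "size='{$shoutFieldSize}'";
             }
         } else {
             $max_size = null;
             $size = "size='{$shoutFieldSize}'";
         }
         $formHtml .= "<input type='hidden' name='node_id' value='" . htmlspecialchars((string) $node->getId(), ENT_QUOTES, 'UTF-8') . "'/>\n";
         $formHtml .= "<input type='text' name='shout_text' id='shout_text' {$size} {$max_size} value=''/>\n";
         $onclick_content = $this->getOnClickContent();
         if ($onclick_content) {
             // NOTE(review): getString() is emitted verbatim inside a double-quoted onclick
             // attribute. Confirm who can edit this content object; it runs as script in the
             // browser of every user who sees the form.
             $onclick = "onclick=\"" . $onclick_content->getString() . "\"";
         } else {
             $onclick = null;
         }
         $formHtml .= "<input type='submit' name='shout_submit' {$onclick} value='" . _("Shout!") . "'>\n";
         $formHtml .= "</form>\n";
     } else {
         $formHtml .= "<p>" . _("Sorry, you must be at a hotspot to use the shoutbox") . "</p>\n";
     }
     $html_main = '';
     $displayNumItems = $this->getDisplayNumItems();
     $db = AbstractDb::getObject();
     if ($node) {
         $node_id = $db->escapeString($node->getId());
         if ($displayNumItems > 0) {
             // Force an integer so nothing but a number can follow LIMIT in the query text
             $limit = "LIMIT " . (int) $displayNumItems;
             $heading = "<em>" . sprintf(_("Last %d messages:"), $displayNumItems) . "</em>";
         } else {
             $limit = null;
             $heading = null;
         }
         $sql = "SELECT *, EXTRACT(EPOCH FROM creation_date) as creation_date_php FROM content_shoutbox_messages WHERE origin_node_id='{$node_id}' ORDER BY creation_date DESC {$limit}\n";
         // Initialise the variable that execSql() is given to fill, as the other queries in this codebase do
         $rows = null;
         $db->execSql($sql, $rows, false);
         $html_main .= "<ul>";
         $html_main .= "<li>{$formHtml}</li>";
         if ($rows) {
             //$html_main .= $heading;
             foreach ($rows as $row) {
                 $user = User::getObject($row['author_user_id']);
                 $content = Content::getObject($row['message_content_id']);
                 $html_main .= "<li>";
                 // NOTE(review): strftime() is deprecated as of PHP 8.1; plan a replacement before upgrading
                 $dateStr = "<span class='date'>" . strftime('%x', $row['creation_date_php']) . "</span>\n";
                 // NOTE(review): both getListUI() results are concatenated as markup; this method relies
                 // on them returning HTML that is already safe for output. Verify in those classes.
                 $html_main .= $dateStr . ' ' . $user->getListUI() . ": \n";
                 $html_main .= "<div class='message'>" . $content->getListUI() . "</div>\n";
                 $html_main .= "</li>";
             }
         }
         $html_main .= "</ul>";
     } else {
         $html_main .= "<p>" . _("Sorry, I am unable to determine your current node") . "</p>\n";
     }
     $this->setUserUIMainDisplayContent($html_main);
     //$this->setUserUIMainInteractionArea($formHtml);
     return Content::getUserUI();
 }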
 /**
  * Attempts to login a user against the authentication source
  *
  * If successful, returns a User object
  *
  * @param string $username A valid identifying token for the source. Not
  *                         necessarily unique. For local users, both username
  *                         and email are valid.
  * @param string $password Clear text password.
  * @param string $errmsg   Reference of error message
  * @param int $errno       Reference to error code
  *
  * @return object The actual User object if login was successful, false
  *                otherwise.
  */
 public function login($username, $password, &$errmsg = null, &$errno = 0)
 {
     // Keep this debug line disabled: it would print the clear-text password into the page.
     //echo "DEBUG:  login($username, $password, $errmsg)<br/>";
     $db = AbstractDb::getObject();
     // Init values
     $retval = false;
     // The escaped username is interpolated into both queries below.
     $username = $db->escapeString($username);
     if (empty($username)) {
         $errmsg .= sprintf(getErrorText(ERR_NO_USERNAME));
         $errno = ERR_NO_USERNAME;
         $retval = false;
     } else {
         /* gbastien: this is not reusable!!, why not use password directly? */
         //$password_hash = User::passwordHash($_REQUEST['password']);
         // The hash is taken from the password as supplied, before any SQL escaping.
         $password_hash = User::passwordHash($password);
         // NOTE(review): the escaped password is not referenced again in this method.
         $password = $db->escapeString($password);
         // Lower-case the lookup value when the network treats usernames as case-insensitive.
         $username = $this->getNetwork()->getUsernamesCaseSensitive() ? $username : strtolower($username);
         $compareto = $this->getNetwork()->getUsernamesCaseSensitive() ? 'username' : 'lower(username)';
         // NOTE(review): as listed, the query compares pass with the literal '******' and never uses
         // $password_hash. This looks like a value masked when the listing was published; confirm
         // against the real source before relying on this text.
         // NOTE(review): getNetwork()->getId() is concatenated without escapeString(); presumably a
         // server-side value, verify.
         $sql = "SELECT user_id FROM users WHERE ({$compareto} = '{$username}' OR lower(email) = '{$username}') AND account_origin='" . $this->getNetwork()->getId() . "' AND pass='******'";
         $db->execSqlUniqueRes($sql, $user_info, false);
         if ($user_info != null) {
             $user = User::getObject($user_info['user_id']);
             // isUserValid() may refuse the account and fills $errmsg / $errno with the reason.
             if ($user->isUserValid($errmsg, $errno)) {
                 $retval =& $user;
                 $errmsg = _("Login successfull");
             } else {
                 $retval = false;
                 //Reason for refusal is already in $errmsg
             }
         } else {
             /*
              * This is only used to discriminate if the problem was a
              * non-existent user or a wrong password.
              */
             // NOTE(review): returning ERR_UNKNOWN_USERNAME and ERR_WRONG_PASSWORD as distinct results
             // tells the caller whether an account exists. If these reach the login page unchanged,
             // consider showing one generic failure message there and keeping the detail for logs.
             $user_info = null;
             $db->execSqlUniqueRes("SELECT * FROM users WHERE ({$compareto} = '{$username}' OR lower(email) = '{$username}') AND account_origin='" . $this->getNetwork()->getId() . "'", $user_info, false);
             if ($user_info == null) {
                 $errmsg = getErrorText(ERR_UNKNOWN_USERNAME);
                 $errno = ERR_UNKNOWN_USERNAME;
             } else {
                 $errmsg = getErrorText(ERR_WRONG_PASSWORD);
                 $errno = ERR_WRONG_PASSWORD;
             }
             $retval = false;
         }
     }
     // Runs on every path: receives the User on success and false on any failure.
     User::setCurrentUser($retval);
     return $retval;
 }
Example #6
 /**
  * Process the users selection UI
  *
  * @todo Allow to select more than one user
  */
 private function processSelectedUsersUI()
 {
     // Start from an empty selection on every call
     $this->report_selected_users = array();
     if (empty($_REQUEST['stats_selected_users'])) {
         return;
     }
     if ($this->report_distinguish_users_by != 'user_id') {
         //We have a MAC address
         // NOTE(review): the raw request value becomes an array key with no format check;
         // validate it as a MAC address here or wherever the key is consumed.
         $this->report_selected_users[$_REQUEST['stats_selected_users']] = null;
         return;
     }
     // Users are told apart by user_id: resolve the submitted username to a User object
     $db = AbstractDb::getObject();
     $username = $db->escapeString($_REQUEST['stats_selected_users']);
     $row = null;
     // NOTE(review): as listed, the query compares against the literal '******' and $username is
     // never used. This looks like a value masked when the listing was published; confirm
     // against the real source.
     $db->execSqlUniqueRes("SELECT user_id FROM users WHERE username='******'", $row, false);
     if ($row) {
         $user_id = $row['user_id'];
         $this->report_selected_users[$user_id] = User::getObject($user_id);
     }
 }
Example #7
 /**
  * Logs out the user
  *
  * @param string $conn_id The connection id for the connection to work on.
  *                        If  it is not present, the behaviour depends if
  *                        the network supports multiple logins. If it does
  *                        not, all connections associated with the current
  *                        user will be destroyed. If it does, only the
  *                        connections tied to the current node will be
  *                        destroyed.
  *
  * @return void
  */
 public function logout($conn_id = null)
 {
     $db = AbstractDb::getObject();
     $session = Session::getObject();
     // Escaped because it is interpolated into the connection lookup below.
     $conn_id = $db->escapeString($conn_id);
     if (!empty($conn_id)) {
         // A specific connection was named: load it with its user and network, then stop its accounting.
         $db->execSqlUniqueRes("SELECT CURRENT_TIMESTAMP, *, CASE WHEN ((CURRENT_TIMESTAMP - reg_date) > networks.validation_grace_time) THEN true ELSE false END AS validation_grace_time_expired FROM connections JOIN users ON (users.user_id=connections.user_id) JOIN networks ON (users.account_origin = networks.network_id) WHERE connections.conn_id='{$conn_id}'", $info, false);
         // NOTE(review): $info is used without checking that the lookup found a row; an unknown
         // conn_id reaches User::getObject() with a missing user_id.
         $user = User::getObject($info['user_id']);
         $network = $user->getNetwork();
         $splash_user_id = $network->getSplashOnlyUser()->getId();
         $this->acctStop($conn_id);
     } else {
         // No connection named: work from the current user.
         // NOTE(review): the result of getCurrentUser() is dereferenced without a null check.
         $user = User::getCurrentUser();
         $network = $user->getNetwork();
         $splash_user_id = $network->getSplashOnlyUser()->getId();
         if ($splash_user_id != $user->getId() && ($node = Node::getCurrentNode())) {
             // Try to destroy all connections tied to the current node
             // NOTE(review): the user and node ids are interpolated without escapeString(), unlike
             // $conn_id above; presumably server-side values, verify.
             $sql = "SELECT conn_id FROM connections JOIN tokens USING (token_id) WHERE user_id = '{$user->getId()}' AND node_id='{$node->getId()}' AND token_status='" . TOKEN_INUSE . "';";
             $conn_rows = null;
             $db->execSql($sql, $conn_rows, false);
             if ($conn_rows) {
                 foreach ($conn_rows as $conn_row) {
                     $this->acctStop($conn_row['conn_id']);
                 }
             }
         }
     }
     // Strict comparison: only an explicit false from getMultipleLoginAllowed() triggers the sweep.
     if ($splash_user_id != $user->getId() && $network->getMultipleLoginAllowed() === false) {
         /*
          * The user isn't the splash_only user and the network config does
          * not allow multiple logins. Logging in with a new token implies
          * that all other active tokens should expire
          */
         $sql = "SELECT conn_id FROM connections JOIN tokens USING (token_id) WHERE user_id = '{$user->getId()}' AND token_status='" . TOKEN_INUSE . "';";
         $conn_rows = null;
         $db->execSql($sql, $conn_rows, false);
         if ($conn_rows) {
             foreach ($conn_rows as $conn_row) {
                 $this->acctStop($conn_row['conn_id']);
             }
         }
     }
     // Try to destroy current session
     // TODO:  This will not work if ultimately called from the gateway (ex: after abuse control was reached).  This creates a UI problem (the portal still shows the user as connected)
     if (method_exists($session, "destroy")) {
         $session->destroy();
     }
 }
 /**
  * Attempts to login a user against the authentication source
  *
  * If successfull, returns a User object
  *
  * @param string $username A valid identifying token for the source. Not
  *                         necessarily unique.
  * @param string $password Clear text password.
  * @param string $errmsg   Reference of error message
  *
  * @return object The actual User object if login was successfull, false
  *                otherwise.
  */
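 public function login($username, $password, &$errmsg = null)
 {
     $db = AbstractDb::getObject();
     // Init values
     $retval = false;
     $username = $db->escapeString($username);
     // The password is left exactly as supplied: in this method it is only handed to
     // checkLdapUser() and never placed in SQL, so SQL-escaping it would alter passwords
     // that contain quote characters and make valid logins fail.
     // Check if php-ldap extension is loaded
     if (Dependency::check("ldap", $errmsg)) {
         // NOTE(review): $username has been escaped for SQL, which is not LDAP escaping. Confirm
         // that checkLdapUser() encodes it for the filter/DN context it builds (ldap_escape()).
         if ($this->checkLdapUser($username, $password, $this->mldap_hostname, $this->mldap_o, $this->mldap_filter, $errmsg)) {
             //LDAP Authentication Successful
             // NOTE(review): as listed, the query compares username with the literal '******'. This
             // looks like a value masked when the listing was published; confirm against the
             // real source.
             $sql = "SELECT user_id, pass FROM users WHERE (username='******') AND account_origin='" . $this->getNetwork()->getId() . "'";
             $user_info = null;
             $db->execSqlUniqueRes($sql, $user_info, false);
             if ($user_info != null) {
                 // A local copy of the directory user already exists
                 $user = User::getObject($user_info['user_id']);
                 if ($user->isUserValid($errmsg)) {
                     $retval = $user;
                     User::setCurrentUser($user);
                     $errmsg = _("Login successfull");
                 } else {
                     $retval = false;
                     //Error already been set
                 }
             } else {
                 // First successful directory login: create the local record with an empty
                 // password and email, and allow the account right away
                 $user = User::createUser(get_guid(), $username, $this->getNetwork(), "", "");
                 $retval =& $user;
                 $user->setAccountStatus(ACCOUNT_STATUS_ALLOWED);
                 $errmsg = _("Login successfull");
             }
         } else {
             $retval = false;
             //Error already been set
         }
     }
     // Receives the User on success and false on any failure
     User::setCurrentUser($retval);
     return $retval;
 }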
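 /**
  * Resolves the User referenced by the user_id query parameter of a URL.
  *
  * Despite the name, the return value is whatever User::getObject() yields for
  * that id, not a username string.
  *
  * NOTE(review): nothing here checks that the URL points at this server (the
  * host check is commented out), and the pattern is not anchored to a parameter
  * boundary, so a parameter whose name merely ends in "user_id" also matches.
  * Keep this helper out of any identity decision until both are addressed.
  *
  * @param mixed $url The URL to inspect
  *
  * @return mixed The object from User::getObject(), or null when the URL is not
  *               a non-empty string, has no query string, carries no user_id
  *               parameter, or the lookup yields nothing
  */
 private static function DEPRECATEDgetUsernameFromOpenIdUrl($url)
 {
     # URL must be a string
     if (!isset($url) || !is_string($url) || strlen($url) == 0) {
         return null;
     }
     # it must start with our server, case doesn't matter
     /* (strpos(strtolower($url), strtolower($wgServer)) !== 0) {
            return null;
        }*/
     $parts = parse_url($url);
     // parse_url() returns false on seriously malformed URLs and omits 'query' when there is none
     if (!is_array($parts) || !isset($parts['query']) || strlen($parts['query']) == 0) {
         return null;
     }
     // Without a match there is no id to look up ($matches[1] would be undefined)
     if (!preg_match("/user_id=(.*?)(?:&|\$)/", $parts['query'], $matches)) {
         return null;
     }
     $user = User::getObject($matches[1]);
     return $user ? $user : null;
 }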
 /**
  * Attempts to login a user against the authentication source.
  *
  * If successfull, returns a User object
  *
  * @param string $username A valid identifying token for the source.
  *                         Not necessarily unique.
  * @param string $password Clear text password.
  * @param string $errmsg   Reference of error message
  *
  * @return object The actual User object if login was successfull,
  *                false otherwise.
  */
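 public function login($username, $password, &$errmsg = null)
 {
     $db = AbstractDb::getObject();
     User::setCurrentUser(null);
     //This should fix a security hole if using an empty username.  I didn't have time to audit the radius code to see if it really was vulnerable, and code a better fix.
     // Init values
     $retval = false;
     $username = $db->escapeString($username);
     // The password is left exactly as supplied: in this method it only goes to the RADIUS and
     // CHAP classes and never into SQL, so SQL-escaping it would alter passwords that contain
     // quote characters and make valid logins fail.
     if (!Dependency::check("Auth_RADIUS", $errmsg)) {
         return false;
     }
     /*
      * Supported encryption methods are :
      *
      * CHAP_MD5 :Challenge-Handshake Authentication Protocol with MD5
      * MSCHAPv1 and MSCHAPv2: Microsoft's CHAP implementation
      */
     switch ($this->mRadius_encryption_method) {
         case "PAP":
         case "CHAP_MD5":
         case "MSCHAPv1":
         case "MSCHAPv2":
             // Instanciate PEAR class
             // The class name is only built for the four values listed above, so the
             // configured method cannot select an arbitrary class
             $classname = 'Auth_RADIUS_' . $this->mRadius_encryption_method;
             $radius_server = new $classname($username, $password);
             $radius_server->addServer($this->mRadius_hostname, $this->mRadius_auth_port, $this->mRadius_secret_key);
             break;
         default:
             // Invalid encryption method
             $errmsg = _("Invalid RADIUS encryption method.");
             return false;
     }
     // Instructing PEAR RADIUS class auth parameters
     $radius_server->username = $username;
     // Depending on the auth method, generate challenge response
     switch ($this->mRadius_encryption_method) {
         case 'CHAP_MD5':
         case 'MSCHAPv1':
             $classname = $this->mRadius_encryption_method == 'MSCHAPv1' ? 'Crypt_CHAP_MSv1' : 'Crypt_CHAP_MD5';
             $crypt_class = new $classname();
             $crypt_class->password = $password;
             $radius_server->challenge = $crypt_class->challenge;
             $radius_server->chapid = $crypt_class->chapid;
             $radius_server->response = $crypt_class->challengeResponse();
             $radius_server->flags = 1;
             break;
         case 'MSCHAPv2':
             $crypt_class = new Crypt_CHAP_MSv2();
             $crypt_class->username = $username;
             $crypt_class->password = $password;
             $radius_server->challenge = $crypt_class->authChallenge;
             $radius_server->peerChallenge = $crypt_class->peerChallenge;
             $radius_server->chapid = $crypt_class->chapid;
             $radius_server->response = $crypt_class->challengeResponse();
             break;
         default:
             // PAP: the password itself is sent to the RADIUS server
             $radius_server->password = $password;
             break;
     }
     if (!$radius_server->start()) {
         $errmsg = _("Could not initiate PEAR RADIUS Auth class : " . $radius_server->getError());
         return false;
     }
     // Send the authentication request to the RADIUS server
     $result = $radius_server->send();
     // Close right after the exchange: every branch below returns, so the close() call that used
     // to follow them was never reached. Nothing below reads from $radius_server again.
     $radius_server->close();
     if (PEAR::isError($result)) {
         $errmsg = _("Failed to send authentication request to the RADIUS server. : " . $result->getMessage());
         return false;
     }
     // Only a strict true counts as an accepted login
     if ($result !== true) {
         $errmsg = _("The RADIUS server rejected this username/password combination.");
         return false;
     }
     // RADIUS authentication succeeded!
     // Now checking for local copy of this user
     $user_info = null;
     // NOTE(review): as listed, the query compares username with the literal '******'. This looks
     // like a value masked when the listing was published; confirm against the real source.
     $sql = "SELECT user_id, pass FROM users WHERE (username='******') AND account_origin='" . $this->getNetwork()->getId() . "'";
     $db->execSqlUniqueRes($sql, $user_info, false);
     if ($user_info != null) {
         $user = User::getObject($user_info['user_id']);
         if ($user->isUserValid($errmsg)) {
             $retval =& $user;
             User::setCurrentUser($user);
             $errmsg = _("Login successfull");
         } else {
             $retval = false;
             //Reason for refusal is already in $errmsg
         }
     } else {
         /*
          * This user has been successfully authenticated through
          * remote RADIUS, but it's not yet in our local database.
          * Creating the user with a Global Unique ID, empty email
          * and password.
          * Local database password hashing is based on an empty
          * string (we do not store remote passwords).
          */
         $user = User::createUser(get_guid(), $username, $this->getNetwork(), "", "");
         $retval =& $user;
         // Validate the user right away !
         $user->setAccountStatus(ACCOUNT_STATUS_ALLOWED);
         User::setCurrentUser($user);
         $errmsg = _("Login successfull");
     }
     return $retval;
 }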
Example #11
 * Load required files
 */
require_once dirname(__FILE__) . '/include/common.php';
require_once 'classes/User.php';
require_once 'classes/Node.php';
require_once 'classes/MainUI.php';
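$smarty = SmartyWifidog::getObject();
$db = AbstractDb::getObject();
// Account activation: the request must carry a user id and the validation token stored for
// that user. On success the account is allowed and the user is signed in.
try {
    // Both values must be present and plain strings (PHP turns "token[]=x" into an array)
    if (!isset($_REQUEST["token"]) || !is_string($_REQUEST["token"])) {
        throw new Exception(_('No token specified!'));
    }
    if (!isset($_REQUEST["user_id"]) || !is_string($_REQUEST["user_id"])) {
        throw new Exception(_('No user ID specified!'));
    }
    $validated_user = User::getObject($_REQUEST['user_id']);
    // Compare the raw request value (it is not going into SQL, so no SQL escaping), reject an
    // empty stored token outright so an empty request token can never equal it, and use a
    // constant-time comparison instead of the loose != operator.
    $expected_token = (string) $validated_user->getValidationToken();
    if ($expected_token === '' || !hash_equals($expected_token, $_REQUEST['token'])) {
        throw new Exception(_('The validation token does not match the one in the database.'));
    }
    if ($validated_user->getAccountStatus() == ACCOUNT_STATUS_ALLOWED) {
        throw new Exception(_('Your account has already been activated.'));
    }
    // This user wants to validate his account, the token is OK and he's not trying to pass the same token more than once
    // Activate his account and let him in NOW
    $validated_user->SetAccountStatus(ACCOUNT_STATUS_ALLOWED);
    User::setCurrentUser($validated_user);
    // Show activation message
    $smarty->assign('message', _("Your account has been succesfully activated!\n\nYou may now browse to a remote Internet address and take advantage of the free Internet access!\n\nIf you get prompted for a login, enter the username and password you have just created."));
} catch (Exception $e) {
    // NOTE(review): the exception text goes to the template as-is; confirm the template escapes
    // 'message' and that exceptions raised by User::getObject() do not echo request input.
    $smarty->assign('message', $e->getMessage());
}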
Example #12
 /** The list of all Technical officers of this node.
  * Technical officers are displayed highlighted and in the online user's list,
  * and are contacted when the Node goes down.
  * @return An array of User objects, or an empty array */
 function DEPRECATEDgetTechnicalOfficers()
 {
     $db = AbstractDb::getObject();
     $stakeholderRows = null;
     // NOTE(review): $this->id is interpolated without escapeString(); presumably it was loaded
     // from the database when the object was built, verify.
     $db->execSql("SELECT user_id FROM node_stakeholders WHERE role_id = 'NODE_TECH_OFFICER' AND object_id='{$this->id}'", $stakeholderRows, false);
     $technicalOfficers = array();
     // Loose comparison kept on purpose: null and an empty result both mean "no officers"
     if ($stakeholderRows == null) {
         return $technicalOfficers;
     }
     foreach ($stakeholderRows as $stakeholderRow) {
         $technicalOfficers[] = User::getObject($stakeholderRow['user_id']);
     }
     return $technicalOfficers;
 }
Example #13
 /**
  * Process the interface to assign stakeholders to objects
  * @param &$errMsg An error message will be appended to this if the username is not empty, but the user doesn't exist.
  *
  * @return null
  *
  * @param $targetObject The Object on which the permission applies (Network, Server, etc.)
  */
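 public static function processAssignStakeholdersUI($targetObject, &$errMsg)
 {
     // NOTE(review): nothing in this method checks that the current user may change the
     // stakeholders of $targetObject; presumably the caller does, verify.
     $db = AbstractDb::getObject();
     $object_id = $db->escapeString($targetObject->getId());
     $object_class = get_class($targetObject);
     // The table name is derived from the object's class. It is an identifier, so escapeString()
     // does not protect it; it is safe only while every class passed in is one of ours.
     $table = strtolower($object_class) . '_stakeholders';
     $user = User::processSelectUserUI($object_id . "_new_stakeholder", $errMsg);
     $role = Role::processSelectAvailableRoleUI($object_id . "_new_stakeholder_role");
     if ($user && $role) {
         //The user and role exist
         if (Security::hasRole($role, $targetObject, $user)) {
             $errMsg .= sprintf(_("User %s already has role %s for this object"), $user->getUsername(), $role->getId());
         } else {
             // the user doesn't already have that role
             // Escape the ids the same way the DELETE below does before they enter the SQL text
             $newUserIdStr = $db->escapeString($user->getId());
             $newRoleIdStr = $db->escapeString($role->getId());
             $sql = "INSERT INTO {$table} (object_id, user_id, role_id) VALUES ('{$object_id}', '{$newUserIdStr}', '{$newRoleIdStr}');";
             $db->execSqlUpdate($sql, false);
         }
     }
     // Walk the stakeholders and delete each one whose "remove" field was submitted
     $stakeholder_rows = null;
     $sql = "SELECT * FROM {$table} JOIN roles USING (role_id) WHERE object_id = '{$object_id}';";
     $db->execSql($sql, $stakeholder_rows, false);
     if ($stakeholder_rows) {
         foreach ($stakeholder_rows as $stakeholder_row) {
             // The result is unused; the call is kept in case callers rely on it failing for a
             // stakeholder row that points at a missing user
             $user = User::getObject($stakeholder_row['user_id']);
             // The field name is rebuilt from database values, so only rows that exist can be removed
             $name = $object_id . "_stakeholder_" . $stakeholder_row['user_id'] . "_" . $stakeholder_row['role_id'] . "_remove";
             if (!empty($_REQUEST[$name])) {
                 $userIdStr = $db->escapeString($stakeholder_row['user_id']);
                 $roleIdStr = $db->escapeString($stakeholder_row['role_id']);
                 $sql = "DELETE FROM {$table} WHERE object_id='{$object_id}' AND user_id='{$userIdStr}' AND role_id = '{$roleIdStr}';";
                 $db->execSqlUpdate($sql, false);
             }
         }
     }
     return null;
 }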
Example #14
 /** Get the actual report.
  * Classes must override this, but must call the parent's method with what
  * would otherwise be their return value and return that instead.
  * @param $child_html The child method's return value
  * @return A html fragment
  */
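 public function getReportUI($child_html = null)
 {
     // Ranks users by the number of distinct days on which they connected and renders the top
     // NUM_USERS_TO_DISPLAY as an HTML table, which is passed to the parent's getReportUI().
     $db = AbstractDb::getObject();
     $html = '';
     // NOTE(review): this value is used as a column name in the SQL text below, where quoting and
     // escaping do not apply. Confirm the stats object restricts it to a fixed set of column names.
     $distinguish_users_by = $this->stats->getDistinguishUsersBy();
     $candidate_connections_sql = $this->stats->getSqlCandidateConnectionsQuery("DISTINCT {$distinguish_users_by}, date_trunc('day', timestamp_in) AS date");
     $sql = "SELECT COUNT(*) AS active_days, {$distinguish_users_by} FROM ({$candidate_connections_sql} GROUP BY date,{$distinguish_users_by}) AS user_active_days GROUP BY {$distinguish_users_by} ORDER BY active_days DESC LIMIT " . self::NUM_USERS_TO_DISPLAY . "";
     $frequent_users_stats = null;
     $db->execSql($sql, $frequent_users_stats, false);
     if ($frequent_users_stats) {
         $html .= "<table>";
         $html .= "<thead>";
         $html .= "<tr>";
         if ($distinguish_users_by == 'user_id') {
             $caption = _("User (username)");
         } else {
             $caption = _("User (MAC address)");
         }
         $html .= "  <th>{$caption}</th>";
         $html .= "  <th>" . _("Different days connected") . "</th>";
         $html .= "</tr>";
         $html .= "</thead>";
         $even = 0;
         foreach ($frequent_users_stats as $row) {
             // Alternate row classes, starting with 'odd'
             $html .= $even ? "<tr>\n" : "<tr class='odd'>\n";
             $even = $even == 0 ? 1 : 0;
             if (!empty($row['user_id'])) {
                 $user = User::getObject($row['user_id']);
                 $display_id = $user->getUsername();
             } else {
                 //We only have a MAC address
                 $display_id = $row['user_mac'];
             }
             // Usernames and MAC strings are data, not markup: encode them for the HTML body.
             // The unmatched </a> that followed the value has been removed.
             $html .= "  <td>" . htmlspecialchars((string) $display_id, ENT_QUOTES, 'UTF-8') . "</td>\n";
             $html .= "  <td>" . $row['active_days'] . "</td>";
             $html .= "</tr>";
         }
         $html .= "</table>";
     } else {
         $html .= _("No information found matching the report configuration");
     }
     return parent::getReportUI($html);
 }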
Example #15
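// Tool links for this Pattern Language content.
// $content_id is assigned outside this excerpt, so it is encoded here for both the query string
// and the HTML attribute it is written into, instead of being trusted as-is.
$content_id_href = htmlspecialchars(urlencode((string) $content_id), ENT_QUOTES, 'UTF-8');
$tool_html .= '<li><a href="' . BASE_SSL_PATH . 'content/PatternLanguage/index.php?content_id=' . $content_id_href . '">' . _("About Pattern Language") . '</a><br>' . "\n";
$tool_html .= '<li><a href="' . BASE_SSL_PATH . 'content/PatternLanguage/narrative.php?content_id=' . $content_id_href . '">' . _("Read narrative") . '</a><br>' . "\n";
$tool_html .= '<li><a href="' . BASE_SSL_PATH . 'content/PatternLanguage/archives.php?content_id=' . $content_id_href . '">' . _("Archives") . '</a><br>' . "\n";
$tool_html .= '<li><a href="' . BASE_SSL_PATH . 'content/PatternLanguage/hotspots.php?content_id=' . $content_id_href . '">' . _("Participating hotspots") . '</a><br>' . "\n";
$tool_html .= '<li><a href="' . BASE_SSL_PATH . 'content/PatternLanguage/subscription.php?content_id=' . $content_id_href . '">' . _("Subscription") . '</a><br>' . "\n";
$tool_html .= '</ul>' . "\n";
$tool_html .= "<div class='pattern_language_credits'>";
// NOTE(review): the sponsor info is appended as markup without escaping; presumably it is
// HTML produced by the content object itself — confirm it never carries raw user input.
$tool_html .= $pattern_language->getSponsorInfo()->__toString();
$tool_html .= "</div>";
// Body
// User's Narrative
try {
    // NOTE(review): user_id comes straight from the request, so any visitor can request another
    // user's narrative. The archives page appears to list narratives for all users, so this may be
    // intended; if narratives are private, compare against User::getCurrentUser() before displaying.
    if (empty($_REQUEST['user_id'])) {
        $user = User::getCurrentUser();
    } else {
        $user = User::getObject($_REQUEST['user_id']);
    }
    if ($user) {
        // The username is chosen by the user, so it is escaped before going into the heading.
        $username_html = htmlspecialchars((string) $user->getUsername(), ENT_QUOTES, 'UTF-8');
        $body_html = "<img src='images/header.gif'>\n";
        $body_html .= "<h1>" . _("Narrative for ") . "{$username_html}</h1>\n";
        $body_html .= "<div class='pattern_language_body'>\n";
        $body_html .= $pattern_language->displayNarrative($user);
        $body_html .= "</div>\n";
    } else {
        $body_html = "<img src='images/header.gif'><p>\n";
        $body_html .= _("You must be logged in to read your narrative");
    }
} catch (Exception $e) {
    // Any failure while resolving the user or rendering the narrative sends the visitor to the archives.
    header("Location: archives.php");
    // Stop here: without this the script keeps running after the redirect header,
    // with $body_html left undefined for the page rendering that follows.
    exit;
}
$ui = MainUI::getObject();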
Example #16
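 /**
  * Get the actual report: the users that visited the most distinct nodes.
  *
  * Classes must override this, but must call the parent's method with what
  * would otherwise be their return value and return that instead.
  *
  * @param string|null $child_html The child method's return value (not read by this implementation)
  * @return mixed The result of parent::getReportUI() for the HTML fragment built here
  */
 public function getReportUI($child_html = null)
 {
     $db = AbstractDb::getObject();
     $html = '';
     // NOTE(review): this value is interpolated into the SQL text as a column name; the code below
     // only expects 'user_id' or a MAC-based column. Confirm the statistics object restricts it
     // to a fixed list of identifiers and never takes it from the request unchecked.
     $distinguish_users_by = $this->stats->getDistinguishUsersBy();
     $candidate_connections_sql = $this->stats->getSqlCandidateConnectionsQuery("COUNT(DISTINCT connections.node_id) AS num_hotspots_visited, {$distinguish_users_by}");
     $sql = "{$candidate_connections_sql} GROUP BY {$distinguish_users_by} ORDER BY num_hotspots_visited DESC LIMIT " . self::NUM_USERS_TO_DISPLAY . "";
     $mobile_users_stats = null;
     $db->execSql($sql, $mobile_users_stats, false);
     if ($mobile_users_stats) {
         $caption = $distinguish_users_by == 'user_id' ? _("User (username)") : _("User (MAC address)");
         $html .= "<table>";
         $html .= "<thead>";
         $html .= "<tr>";
         $html .= "  <th>{$caption}</th>";
         $html .= "  <th>" . _("Nodes visited") . "</th>";
         $html .= "</tr>";
         $html .= "</thead>";
         // Row striping: the first row is rendered with class 'odd', then the flag alternates.
         $even = 0;
         foreach ($mobile_users_stats as $row) {
             $html .= $even ? "<tr>\n" : "<tr class='odd'>\n";
             $even = $even ? 0 : 1;
             if (!empty($row['user_id'])) {
                 $user = User::getObject($row['user_id']);
                 $display_id = $user->getUsername();
             } else {
                 // We only have a MAC address
                 $display_id = $row['user_mac'];
             }
             // Usernames are user-chosen and MAC addresses are client-reported, so both are
             // escaped before being written into this report. The stray closing </a> that the
             // cell used to carry (there is no opening tag) is dropped.
             $display_id_html = htmlspecialchars((string) $display_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
             $html .= "  <td>{$display_id_html}</td>\n";
             $html .= "  <td>" . $row['num_hotspots_visited'] . "</td>";
             $html .= "</tr>";
         }
         $html .= "</table>";
     } else {
         $html .= _("No information found matching the report configuration");
     }
     return parent::getReportUI($html);
 }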
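 /**
  * Get the actual report: the users with the highest total transfer.
  *
  * Classes must override this, but must call the parent's method with what
  * would otherwise be their return value and return that instead.
  *
  * @param string|null $child_html The child method's return value (not read by this implementation)
  * @return mixed The result of parent::getReportUI() for the HTML fragment built here
  */
 public function getReportUI($child_html = null)
 {
     $db = AbstractDb::getObject();
     $html = '';
     // NOTE(review): this value is interpolated into the SQL text as a column name; the code below
     // only expects 'user_id' or a MAC-based column. Confirm the statistics object restricts it
     // to a fixed list of identifiers and never takes it from the request unchecked.
     $distinguish_users_by = $this->stats->getDistinguishUsersBy();
     $candidate_connections_sql = $this->stats->getSqlCandidateConnectionsQuery(" connections.{$distinguish_users_by}, SUM(incoming+outgoing) AS total, SUM(incoming) AS total_incoming, SUM(outgoing) AS total_outgoing ", false);
     $sql = "{$candidate_connections_sql} GROUP BY connections.{$distinguish_users_by} ORDER BY total DESC LIMIT " . self::NUM_USERS_TO_DISPLAY . "";
     $frequent_users_stats = null;
     $db->execSql($sql, $frequent_users_stats, false);
     if ($frequent_users_stats) {
         $caption = $distinguish_users_by == 'user_id' ? _("User (username)") : _("User (MAC address)");
         $html .= "<table>";
         $html .= "<thead>";
         $html .= "<tr>";
         $html .= "  <th>{$caption}</th>";
         $html .= "  <th>" . _("Incoming") . "</th>";
         $html .= "  <th>" . _("Outgoing") . "</th>";
         $html .= "  <th>" . _("Total") . "</th>";
         $html .= "</tr>";
         $html .= "</thead>";
         // Row striping: the first row is rendered with class 'odd', then the flag alternates.
         $even = 0;
         foreach ($frequent_users_stats as $row) {
             $html .= $even ? "<tr>\n" : "<tr class='odd'>\n";
             $even = $even ? 0 : 1;
             if (!empty($row['user_id'])) {
                 $user = User::getObject($row['user_id']);
                 $display_id = $user->getUsername();
             } else {
                 // We only have a MAC address
                 $display_id = $row['user_mac'];
             }
             // Usernames are user-chosen and MAC addresses are client-reported, so both are
             // escaped before being written into this report. The stray closing </a> that the
             // cell used to carry (there is no opening tag) is dropped.
             $display_id_html = htmlspecialchars((string) $display_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
             $html .= "  <td>{$display_id_html}</td>\n";
             $html .= "  <td>" . Utils::convertBytesToWords($row['total_incoming']) . "</td>";
             $html .= "  <td>" . Utils::convertBytesToWords($row['total_outgoing']) . "</td>";
             $html .= "  <td>" . Utils::convertBytesToWords($row['total']) . "</td>";
             $html .= "</tr>";
         }
         $html .= "</table>";
     } else {
         $html .= _("No information found matching the report configuration");
     }
     return parent::getReportUI($html);
 }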
Example #18
 /**
  * Collect the users that have a Pattern Language narrative.
  *
  * Runs a fixed query for the distinct user_id values recorded in
  * content_display_log for content of type 'PatternLanguage' and resolves
  * each of them with User::getObject().
  *
  * @return array One User object per distinct user_id; empty when the query yields no rows
  */
 public function getNarrativeList()
 {
     // The statement is a constant string: nothing from the request is mixed into it.
     $sql = "SELECT DISTINCT user_id FROM content_display_log AS cdl JOIN content_group_element AS cge ON (cdl.content_id = cge.content_group_element_id) JOIN content ON (content.content_id = cge.content_group_id) WHERE content_type = 'PatternLanguage'";
     $rows = null;
     AbstractDb::getObject()->execSql($sql, $rows, false);
     $narratives = array();
     if (!$rows) {
         return $narratives;
     }
     foreach ($rows as $entry) {
         $narratives[] = User::getObject($entry['user_id']);
     }
     return $narratives;
 }
Example #19
 /** Process admin interface of this object.  When an object overrides this method, they should call the parent processAdminUI at the BEGINNING of processing.
  *
  * Applies the submitted admin form to this content: content type, the title /
  * description / long description / project info sub-contents, the persistence
  * flag and the owner list, then calls refresh().
  *
  * Nothing is done, and no error is reported, unless the current user passes
  * DEPRECATEDisOwner() or DEPRECATEDisSuperAdmin().
  *
  * NOTE(review): every value is read from $_REQUEST, which also carries GET
  * parameters, and no anti-CSRF token check is visible in this method; confirm
  * the caller enforces one before these state changes run.
  *
  * @throws Exception When the is_author flag of an owner cannot be updated
  */
 public function processAdminUI()
 {
     // NOTE(review): if User::getCurrentUser() can return null for an anonymous visitor, the
     // second call below is made on null; confirm callers require a login first.
     if ($this->DEPRECATEDisOwner(User::getCurrentUser()) || User::getCurrentUser()->DEPRECATEDisSuperAdmin()) {
         $db = AbstractDb::getObject();
         if ($this->getObjectType() == 'Content') {
             // A plain 'Content' object only has its content type set from the form.
             $content_type = FormSelectGenerator::getResult("content_" . $this->id . "_content_type", "Content");
             $this->setContentType($content_type);
         } else {
             // Content metadata
             // NOTE(review): the UPDATE statements in this method interpolate $this->id and the ids
             // returned by GetId() into quoted SQL without escaping. Presumably these are internally
             // generated identifiers; verify that, or pass them through the DB layer's escaping.
             if ($this->isSimpleContent() == false || $this->isPersistent()) {
                 /* title_is_displayed */
                 if (!empty($this->content_row['title'])) {
                     $name = "content_" . $this->id . "_title_is_displayed";
                     !empty($_REQUEST[$name]) ? $this->setTitleIsDisplayed(true) : $this->setTitleIsDisplayed(false);
                 }
                 /* title */
                 if (empty($this->content_row['title'])) {
                     // No title yet: create one from the "new content" form, if it was submitted.
                     $title = self::processNewContentUI("title_{$this->id}_new");
                     if ($title != null) {
                         $title_id = $title->GetId();
                         $db->execSqlUpdate("UPDATE content SET title = '{$title_id}' WHERE content_id = '{$this->id}'", FALSE);
                     }
                 } else {
                     $title = self::getObject($this->content_row['title']);
                     $name = "content_" . $this->id . "_title_erase";
                     // !empty() has already passed, so the loose "== true" accepts any non-empty value.
                     if (!empty($_REQUEST[$name]) && $_REQUEST[$name] == true) {
                         // Detach the title first, then delete the title object itself.
                         $db->execSqlUpdate("UPDATE content SET title = NULL WHERE content_id = '{$this->id}'", FALSE);
                         // $errmsg is not initialised here (presumably filled by reference) and is never read afterwards.
                         $title->delete($errmsg);
                     } else {
                         // Otherwise let the title content process its own part of the form.
                         $title->processAdminUI();
                     }
                 }
             }
             if ($this->isSimpleContent() == false) {
                 // The three sections below follow the same create / erase / delegate pattern as the title.
                 /* description */
                 if (empty($this->content_row['description'])) {
                     $description = self::processNewContentUI("description_{$this->id}_new");
                     if ($description != null) {
                         $description_id = $description->GetId();
                         $db->execSqlUpdate("UPDATE content SET description = '{$description_id}' WHERE content_id = '{$this->id}'", FALSE);
                     }
                 } else {
                     $description = self::getObject($this->content_row['description']);
                     $name = "content_" . $this->id . "_description_erase";
                     if (!empty($_REQUEST[$name]) && $_REQUEST[$name] == true) {
                         $db->execSqlUpdate("UPDATE content SET description = NULL WHERE content_id = '{$this->id}'", FALSE);
                         $description->delete($errmsg);
                     } else {
                         $description->processAdminUI();
                     }
                 }
                 /* long description */
                 if (empty($this->content_row['long_description'])) {
                     $long_description = self::processNewContentUI("long_description_{$this->id}_new");
                     if ($long_description != null) {
                         $long_description_id = $long_description->GetId();
                         $db->execSqlUpdate("UPDATE content SET long_description = '{$long_description_id}' WHERE content_id = '{$this->id}'", FALSE);
                     }
                 } else {
                     $long_description = self::getObject($this->content_row['long_description']);
                     $name = "content_" . $this->id . "_long_description_erase";
                     if (!empty($_REQUEST[$name]) && $_REQUEST[$name] == true) {
                         $db->execSqlUpdate("UPDATE content SET long_description = NULL WHERE content_id = '{$this->id}'", FALSE);
                         $long_description->delete($errmsg);
                     } else {
                         $long_description->processAdminUI();
                     }
                 }
                 /* project_info */
                 if (empty($this->content_row['project_info'])) {
                     $project_info = self::processNewContentUI("project_info_{$this->id}_new");
                     if ($project_info != null) {
                         $project_info_id = $project_info->GetId();
                         $db->execSqlUpdate("UPDATE content SET project_info = '{$project_info_id}' WHERE content_id = '{$this->id}'", FALSE);
                     }
                 } else {
                     $project_info = self::getObject($this->content_row['project_info']);
                     $name = "content_" . $this->id . "_project_info_erase";
                     if (!empty($_REQUEST[$name]) && $_REQUEST[$name] == true) {
                         $db->execSqlUpdate("UPDATE content SET project_info = NULL WHERE content_id = '{$this->id}'", FALSE);
                         $project_info->delete($errmsg);
                     } else {
                         $project_info->processAdminUI();
                     }
                 }
             }
             //End content metadata
             if ($this->isSimpleContent() == false || $this->isPersistent()) {
                 /* is_persistent */
                 $name = "content_" . $this->id . "_is_persistent";
                 !empty($_REQUEST[$name]) ? $this->setIsPersistent(true) : $this->setIsPersistent(false);
                 /* content_has_owners */
                 $sql = "SELECT * FROM content_has_owners WHERE content_id='{$this->id}'";
                 $db->execSql($sql, $content_owner_rows, false);
                 if ($content_owner_rows != null) {
                     // For each existing owner: either remove them, or sync the is_author flag with the form.
                     foreach ($content_owner_rows as $content_owner_row) {
                         $user = User::getObject($content_owner_row['user_id']);
                         $user_id = $user->getId();
                         $name = "content_" . $this->id . "_owner_" . $user->GetId() . "_remove";
                         if (!empty($_REQUEST[$name])) {
                             // NOTE(review): nothing here stops the acting user from removing themselves
                             // or the last remaining owner; confirm deleteOwner() handles that if it matters.
                             $this->deleteOwner($user);
                         } else {
                             $name = "content_" . $this->id . "_owner_" . $user->GetId() . "_is_author";
                             // The is_author column is compared against the string 't' for true.
                             $content_owner_row['is_author'] == 't' ? $is_author = true : ($is_author = false);
                             !empty($_REQUEST[$name]) ? $should_be_author = true : ($should_be_author = false);
                             // Only write to the database when the submitted flag differs from the stored one.
                             if ($is_author != $should_be_author) {
                                 $should_be_author ? $is_author_sql = 'TRUE' : ($is_author_sql = 'FALSE');
                                 $sql = "UPDATE content_has_owners SET is_author={$is_author_sql} WHERE content_id='{$this->id}' AND user_id='{$user_id}'";
                                 if (!$db->execSqlUpdate($sql, false)) {
                                     throw new Exception(_('Unable to set as author in the database.'));
                                 }
                             }
                         }
                     }
                 }
                 // Add a new owner when the "add owner" button was submitted and a user was selected.
                 $errMsg = null;
                 $user = User::processSelectUserUI("content_{$this->id}_new_owner", $errMsg);
                 $name = "content_{$this->id}_add_owner_submit";
                 if (!empty($_REQUEST[$name]) && $user != null) {
                     $this->addOwner($user);
                 }
             }
         }
         // Runs once every change above has been applied.
         $this->refresh();
     }
 }
Example #20
require_once 'classes/MainUI.php';
require_once 'classes/Utils.php';
require_once 'classes/Statistics.php';
$current_user = User::getCurrentUser();
$db = AbstractDb::getObject();
$statistics = new Statistics();
$statistics->processAdminUI();
try {
    if (!empty($_REQUEST['selected_nodes']) && count($_REQUEST['selected_nodes']) == 1) {
        $node_id = $db->escapeString($_REQUEST['selected_nodes'][0]);
        $nodeObject = Node::getObject($node_id);
        $stats_title = _("Connections at") . " '" . $nodeObject->getName() . "'";
    } else {
        if (isset($_REQUEST['user_id'])) {
            $user_id = $db->escapeString($_REQUEST["user_id"]);
            $userObject = User::getObject($user_id);
            $stats_title = _("User information for") . " '" . $userObject->getUsername() . "'";
        } elseif (isset($_REQUEST['user_mac'])) {
            $user_mac = $db->escapeString($_REQUEST["user_mac"]);
            $stats_title = _("Connections from MAC") . " '" . $user_mac . "'";
        } elseif (isset($_REQUEST['network_id'])) {
            $network_id = $db->escapeString($_REQUEST["network_id"]);
            $networkObject = Network::getObject($network_id);
            $stats_title = _("Network information for") . " '" . $networkObject->getName() . "'";
        } elseif (isset($_REQUEST['file']) && isset($_REQUEST['type'])) {
            $filename = $_REQUEST['file'];
            $type = $_REQUEST['type'];
            if (User::getCurrentUser()->DEPRECATEDisSuperAdmin()) {
                // The file is valid for one hour, because it contains sensitive data and we don't want to open a security breach
                if (file_exists($filename) && filectime($filename) > time() - 60 * 60) {
                    header('Content-Type: application/octet-stream');