public function action_do()
 {
     // Login form handler. Anything that is not a complete username/password
     // POST is just bounced back to the login page.
     if (!count($_POST) || !isset($_POST['username']) || !isset($_POST['password'])) {
         $this->redirect();
         return;
     }

     Session::instance();

     $form = new Validation($_POST);
     $form->filter('trim');
     // User names are canonical in lower case, so normalise before the lookup.
     $form->filter('strtolower', 'username');
     $credentials = $form->as_array();

     // Constructing User with credentials performs the login attempt.
     // NOTE(review): no session ID regeneration is visible in this handler;
     // unless User/Session regenerates it on login, the session is open to
     // fixation -- confirm.
     $user = new User(FALSE, $credentials['username'], $credentials['password']);

     // NOTE(review): this accepts any role returned by User::get_roles(),
     // while the error branch below demands 'admin' specifically; confirm that
     // get_roles() only lists roles allowed into the admin area.
     $admin_login_ok = $user->logged_in()
         && $user->get_user_data('role')
         && array_intersect($user->get_role(), User::get_roles());

     if ($admin_login_ok) {
         // Authenticated and holding an accepted role: into the admin area.
         $this->redirect('/admin');
     } elseif (!$user->logged_in()) {
         // One message for both unknown user and wrong password, so the
         // response does not reveal which of the two failed.
         $_SESSION['modules']['pajas']['error'] = 'Wrong username or password';
     } elseif (!$user->get_user_data('role') || !in_array('admin', $user->get_user_data('role'))) {
         $_SESSION['modules']['pajas']['error'] = 'You are not authorized';
     } else {
         $_SESSION['modules']['pajas']['error'] = 'Unknown error';
     }

     $this->redirect();
 }
} else {
    $logged_in_id = -1;
}
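// Load the user whose page this is. $uid is set by the request handling
// above this block; the cast keeps a non-numeric value from reaching load().
$user = new User();
try {
    $user->load((int) $uid);
} catch (PAException $e) {
    $msg = "Error occured in retreiving user information\n";
    // $msg is emitted as HTML, so the exception text must be escaped: an
    // exception that echoes request data would otherwise be reflected XSS.
    $msg .= "<br><center><font color=\"red\">" . htmlspecialchars((string) $e->message, ENT_QUOTES, 'UTF-8') . "</font></center>";
    $error = TRUE;
}

// Invitations sent by the logged-in user that were accepted, reshaped for the view.
$accepted = Invitation::get_accepted_invitations($_SESSION['user']['id']);
if (!empty($accepted)) {
    $i = 0;
    foreach ($accepted as $ac) {
        // Here get_user_data() is keyed by the invitee's e-mail address.
        $user_info = User::get_user_data($ac['inv_user_email']);
        $accepted_invitation[$i]['user_name'] = $user_info['login_name'];
        $accepted_invitation[$i]['first_name'] = $user_info['first_name'];
        $accepted_invitation[$i]['last_name'] = $user_info['last_name'];
        $accepted_invitation[$i]['picture'] = $user_info['picture'];
        $accepted_invitation[$i]['user_id'] = $user_info['user_id'];
        $i++;
    }
}
// Invitations still waiting for an answer (consumed by the block that follows).
$pending = Invitation::get_pending_invitations($_SESSION['user']['id']);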
if (!empty($pending)) {
    $i = 0;
    foreach ($pending as $pe) {
        $pending_invitation[$i]['user_email'] = $pe['inv_user_email'];
        $i++;
    }
require_once "api/CNRelation/CNRelation.php";
require_once "api/CNInvitation/CNInvitation.php";
require_once "web/includes/cnurls.php";
require_once "api/CNMessaging/CNMessageDispatcher.php";
// A visitor who authenticated with a password in this session is sent straight
// to the private user page -- unless the request carries one of the
// action/auth parameters that this page itself has to process.
$has_password_session = isset(PA::$login_uid)
    && isset($_SESSION['login_source'])
    && $_SESSION['login_source'] == 'password';
$has_action_param = !empty($_GET['action'])
    || !empty($_GET['enable'])
    || !empty($_GET['auth'])
    || !empty($_GET['openid_mode'])
    || !empty($_GET['GInvID']);
if ($has_password_session && !$has_action_param) {
    // Fixed destination built from configuration, not from the request.
    header('Location: ' . PA::$url . PA_ROUTE_USER_PRIVATE);
    exit;
}
require_once "api/CNConfigurableText/CNConfigurableText.php";
// middle content
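// Forgot-password request: look the posted address up and, if it belongs to
// a registered account, mail a change-password link.
if (isset($_POST['submit'])) {
    $error = FALSE;
    // Guard the index and the type so a malformed POST neither raises a
    // notice nor passes NULL/an array into the lookup.
    $requested_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $account = ($requested_email !== '') ? User::get_user_data($requested_email) : array();
    if (!empty($account['email_exist'])) {
        User::send_email_to_change_password($requested_email);
    } else {
        // NOTE(review): $error makes the response differ for registered and
        // unregistered addresses, which lets a caller enumerate accounts; a
        // uniform "if the address is registered, a mail has been sent" reply
        // would avoid that.
        $error = TRUE;
    }
}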
if (!empty($_SESSION['user']['id']) && (isset($_GET['action']) && $_GET['action'] == 'accept') && !empty($_GET['token'])) {
    $token = NULL;
    if (!empty($_GET['token'])) {
        $token = $_GET['token'];
        try {
            $token_arr = authenticate_invitation_token($token);
        } catch (CNException $e) {
            $token_arr[1] = "{$e->message}";
        }
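 /**
  * Start the forgot-password flow for the account registered under $email.
  *
  * If the address is known, a fresh one-time token is stored in
  * {forgot_password} and a change-password link carrying it is mailed to the
  * user through PAMail. An unknown address is ignored silently.
  *
  * NOTE(review): the INSERT records no timestamp and nothing here invalidates
  * earlier tokens, so expiry and single use must be enforced by the script
  * that consumes the link -- confirm. The token is also stored in clear;
  * storing a hash of it would limit the damage of a database read.
  *
  * @param string $email address entered on the forgot-password form
  * @throws PAException MAIL_FUNCTION_FAILED when PAMail::send() reports failure
  */
 public static function send_email_to_change_password($email)
 {
     Logger::log("Enter: function User::send_email");
     // global var $_base_url has been removed - please, use PA::$url static variable
     $account = User::get_user_data($email);
     if ($account['email_exist'] == TRUE) {
         $user_name = $account['login_name'];
         $user_id = $account['user_id'];
         $status = 0;

         // The token is the sole proof of identity in the reset link, so it
         // must be unpredictable; uniqid()/rand() are guessable. 16 random
         // bytes give 32 hex characters, the same width as the md5() value
         // used before.
         if (function_exists('random_bytes')) {
             $forgot_password_id = bin2hex(random_bytes(16));
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             $forgot_password_id = bin2hex(openssl_random_pseudo_bytes(16));
         } else {
             // Legacy fallback only: predictable. Upgrade PHP rather than rely on it.
             $forgot_password_id = md5(uniqid(rand()));
         }

         // insert data into the database
         // NOTE(review): Dal::query()'s return value is not checked; if a failed
         // INSERT is reported through it, the mailed link could never validate
         // -- confirm how Dal signals errors.
         $sql = 'INSERT into {forgot_password} (user_id, forgot_password_id, status) values (?, ?, ?)';
         Dal::query($sql, array($user_id, $forgot_password_id, $status));

         // URL-encode the parameters (login names are user-chosen) and use an
         // HTML-safe separator, since the link is embedded in an href below.
         $query = http_build_query(
             array('log_nam' => $user_name, 'uid' => $user_id, 'forgot_password_id' => $forgot_password_id),
             '',
             '&amp;'
         );
         $chng_psw_url = PA::$url . '/' . FILE_CHANGE_PASSWORD . '?' . $query;
         $change_password_url = "<a href=\"{$chng_psw_url}\">{$chng_psw_url}</a>";

         $forg_user = new User();
         $forg_user->load((int) $user_id);
         $check = PAMail::send('forgot_password', $forg_user, PA::$network_info, array('change_password_url' => $change_password_url));
         if ($check == FALSE) {
             Logger::log("Throwing exception MAIL_FUNCTION_FAILED | Mail is not sent to friend ", LOGGER_ERROR);
             throw new PAException(MAIL_FUNCTION_FAILED, "Mail is not sent to friend");
         }
     }
     Logger::log("Exit: function User::send_email");
 }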
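 /**
  * Admin form for adding a user, or editing one when GET "id" is present.
  *
  * Three POST cases are handled: "do_add_field" (add another detail field and
  * re-populate the form without saving), a valid submission (create or update
  * the user) and an invalid one (report the errors and re-populate). The
  * method always ends by publishing the form values via set_formdata().
  *
  * NOTE(review): no authorization check is visible here; it relies on the
  * surrounding controller restricting this action to administrators -- confirm.
  */
 public function action_user()
 {
     $formdata = array();
     if (isset($_GET['id'])) {
         // NOTE(review): "id" reaches User unvalidated; if ids are numeric an
         // (int) cast here would be cheap hardening -- verify against User.
         $user = new User($_GET['id'], FALSE, FALSE, 'default', FALSE);
         if (!$user->logged_in()) {
             // Assumes redirect() terminates the request, as the code below
             // carries on as if $user were valid.
             $this->redirect();
         }
     }
     $this->list_available_data_fields();

     if (!empty($_POST) && isset($_POST['username']) && isset($_POST['password'])) {
         $post = new Validation($_POST);
         $post->filter('trim');
         $post->filter('strtolower', 'username');
         $post->rule('Valid::not_empty', 'username');
         // Only demand a free user name on create, or when the name changes.
         // NOTE(review): the raw POST value is compared with the stored name
         // although the filters above lower-case it -- confirm that is intended.
         if (!isset($user) || $_POST['username'] != $user->get_username()) {
             $post->rule('User::username_available', 'username');
         }
         // A new user needs a password; on edit an empty one is passed through
         // to set_user_data().
         // NOTE(review): whether set_user_data() ignores an empty password or
         // overwrites the stored one is not visible here -- confirm.
         if (!isset($user)) {
             $post->rule('Valid::not_empty', 'password');
         }

         if (isset($_POST['do_add_field'])) {
             // Add another user data field and save no data, but repopulate the form fields.
             // NOTE(review): the field id comes straight from the client and is
             // later used to build form keys; it is not validated here.
             if (!isset($_SESSION['detail_fields'])) {
                 $_SESSION['detail_fields'] = array();
             }
             if (isset($_POST['add_field'])) {
                 $_SESSION['detail_fields'][] = $_POST['add_field'];
             }
             $formdata = $this->formdata_from_post($post->as_array());
         } else {
             // Check for form errors
             if ($post->validate()) {
                 // No form errors, add the user!
                 $post_values = $post->as_array();
                 // Erase the empty data fields
                 foreach ($post_values as $key => $value) {
                     if (substr($key, 0, 8) == 'fieldid_' && is_array($value)) {
                         foreach ($value as $nr => $value_piece) {
                             if ($value_piece == '') {
                                 unset($post_values[$key][$nr]);
                             }
                         }
                     }
                 }
                 // Organize the field data ("field_<id>_<n>" keys) and reset
                 // the session's pending detail fields.
                 $fields = $_SESSION['detail_fields'] = array();
                 foreach ($post_values as $key => $value) {
                     if (substr($key, 0, 6) == 'field_') {
                         list(, $field_id) = explode('_', $key);
                         $fields[User::get_data_field_name($field_id)][] = $value;
                     }
                 }
                 if (!isset($_GET['id'])) {
                     // Actually add the user
                     User::new_user($post_values['username'], $post_values['password'], $fields);
                     $this->add_message('User ' . $post_values['username'] . ' added');
                 } elseif (isset($user)) {
                     $user->set_user_data(array_merge($fields, array('username' => $post_values['username'], 'password' => $post_values['password'])), TRUE);
                     $this->add_message('User data saved');
                 }
             } else {
                 // Form errors detected! Report them and redisplay what was posted.
                 $this->add_error('Fix errors and try again');
                 $this->add_form_errors($post->errors());
                 $formdata = $this->formdata_from_post($post->as_array());
             }
         }
     }

     if (isset($user)) {
         // Editing: show the stored data (this replaces any values repopulated above).
         $formdata = array('username' => $user->get_username());
         $counter = 0;
         foreach ($user->get_user_data() as $field => $data) {
             foreach ($data as $data_piece) {
                 $counter++;
                 $formdata['field_' . User::get_data_field_id($field) . '_' . $counter] = $data_piece;
             }
         }
     }

     // Append one empty input for every detail field queued in the session,
     // numbered after the last existing value of that field.
     if (!empty($_SESSION['detail_fields'])) {
         foreach ($_SESSION['detail_fields'] as $field_id) {
             $counter = 1;
             while (isset($formdata['field_' . $field_id . '_' . $counter])) {
                 $counter++;
             }
             $formdata['field_' . $field_id . '_' . $counter] = '';
         }
     }

     $this->set_formdata($formdata);
 }

 /**
  * Rebuild the form's values from a (filtered) POST array so the form can be
  * redisplayed without saving anything.
  *
  * "fieldid_<id>" keys hold arrays of values and become "field_<id>_<n>"
  * entries, where n counts across all fields; "username" is carried over as
  * is. Everything else is dropped.
  *
  * @param array $post_values output of Validation::as_array()
  * @return array form values for set_formdata()
  */
 private function formdata_from_post(array $post_values)
 {
     $formdata = array();
     $counter = 0;
     foreach ($post_values as $field => $data) {
         if (substr($field, 0, 8) == 'fieldid_') {
             foreach ($data as $data_piece) {
                 $counter++;
                 $formdata['field_' . substr($field, 8) . '_' . $counter] = trim($data_piece);
             }
         } elseif ($field == 'username') {
             $formdata[$field] = $post_values[$field];
         }
     }
     return $formdata;
 }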
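/**
 * Change user password
 * This function creates a new random 8 character password,
 *  sets it in the database and emails it to the user
 *
 * The account is looked up from the posted "email_address" field. Because
 * the new password is written to the database before the mail goes out, a
 * failed send leaves the user locked out -- so the result of Send() is
 * returned instead of an unconditional true.
 *
 * NOTE(review): this is reachable by anyone who can POST an address, so any
 * visitor can reset (and thereby invalidate) another user's password; the
 * caller should rate-limit it, and a token-based reset link would be safer
 * than mailing a new password in clear text.
 *
 * @return boolean true if the password was changed and the mail was accepted
 * @see make_seed()
 */
function changePassword()
{
    global $conf;
    $adminemail = $conf['app']['adminEmail'];
    $title = $conf['app']['title'];
    $use_logon_name = (bool) $conf['app']['useLogonName'];

    // Check if user exists (a missing field is treated like an unknown user)
    $email = isset($_POST['email_address']) ? stripslashes(trim($_POST['email_address'])) : '';
    // Connect to database
    $AuthDB = new AuthDB();
    $id = $AuthDB->userExists($email);
    if (empty($id)) {
        // NOTE(review): this message confirms whether an address is registered.
        CmnFns::do_error_box(translate('Sorry, we could not find that user in the database.'), '', false);
        return false;
    }
    $user = new User($id);
    $result = $user->get_user_data();

    // Generate new 8 character password by choosing random ASCII characters
    // between 48 and 122 (valid password characters): lower-case letters in
    // the even positions, a digit (or ':') in position 3, '? @ A-Z' elsewhere.
    // A password is a credential, so draw it from a CSPRNG where the runtime
    // has one; the reseeded mt_rand() path is kept only for PHP < 7.
    $have_csprng = function_exists('random_int');
    $pwd = '';
    for ($i = 0; $i < 8; $i++) {
        if ($i % 2 == 0) {
            $lo = 97;
            $hi = 122;
        } elseif ($i % 3 == 0) {
            $lo = 48;
            $hi = 58;
        } else {
            $lo = 63;
            $hi = 90;
        }
        if ($have_csprng) {
            $num = random_int($lo, $hi);
        } else {
            // Seed random for older versions of PHP
            mt_srand(make_seed());
            $num = mt_rand($lo, $hi);
        }
        // Put password together
        $pwd .= chr($num);
    }

    // Set password in database
    $user->set_password($pwd);

    // Send email to user
    $sub = translate('Your New Password', array($title));
    $msg = translate_email('new_password', $result['fname'], $conf['app']['title'], $pwd, CmnFns::getScriptURL(), $adminemail);
    $msg .= $use_logon_name ? "\r\n" . translate('Your logon name is', array($result['logon_name'])) : '';

    $mailer = new PHPMailer();
    $mailer->AddAddress($result['email'], $result['fname']);
    $mailer->FromName = $conf['app']['title'];
    $mailer->From = $adminemail;
    $mailer->Subject = $sub;
    $mailer->Body = $msg;
    // Report a failed send instead of claiming success (see docblock).
    return (bool) $mailer->Send();
}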
    $auth->print_login_msg(true);
    $auth->clean();
    // Clean out any lingering sessions
} else {
    if (!$edit && !(bool) $conf['app']['allowSelfRegistration']) {
        $isAdmin = $curUser->is_group_admin(array($id)) || Auth::isAdmin();
        if (!$isAdmin) {
            // Only the administrator can create users
            CmnFns::do_error_box(translate('This is only accessable to the administrator'), '', true);
        }
    }
}
// Editing without a pending update: show what is stored for $id. Every other
// case (a new registration, or an update being submitted) works on the posted values.
if (!$edit || isset($_POST['update'])) {
    $data = CmnFns::cleanPostVals();
} else {
    $user = new User($id);
    $data = $user->get_user_data();
    // The form names the address "emailaddress" while the record names it "email".
    $data['emailaddress'] = $data['email'];
}
if (isset($_POST['register'])) {
    // New registration
    $data['lang'] = determine_language();
    $adminCreated = Auth::is_logged_in() && Auth::isAdmin();
    $msg = $auth->do_register_user($data, $adminCreated);
    $show_form = false;
} else {
    if (isset($_POST['update'])) {
        // Update registration
        $adminUpdate = $curUser->get_id() != $id && (Auth::isAdmin() || $curUser->is_group_admin(array($id)));
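 /**
  * Start the forgot-password flow for the account registered under $email.
  *
  * If the address is known, a fresh one-time token is stored in
  * {forgot_password} and a change-password link carrying it is mailed to the
  * user through pa_mail(). An unknown address is ignored silently.
  *
  * NOTE(review): the INSERT records no timestamp and nothing here invalidates
  * earlier tokens, so expiry and single use must be enforced by the script
  * that consumes the link -- confirm. The token is also stored in clear;
  * storing a hash of it would limit the damage of a database read.
  *
  * @param string $email address entered on the forgot-password form
  * @throws PAException MAIL_FUNCTION_FAILED when pa_mail() reports failure
  */
 public static function send_email_to_change_password($email)
 {
     Logger::log("Enter: function User::send_email");
     global $config_site_name;
     $account = User::get_user_data($email);
     if ($account['email_exist'] == TRUE) {
         $first_name = $account['first_name'];
         $last_name = $account['last_name'];
         $user_name = $account['login_name'];
         $user_id = $account['user_id'];
         $status = 0;

         // The token is the sole proof of identity in the reset link, so it
         // must be unpredictable; uniqid()/rand() are guessable. 16 random
         // bytes give 32 hex characters, the same width as the md5() value
         // used before.
         if (function_exists('random_bytes')) {
             $forgot_password_id = bin2hex(random_bytes(16));
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             $forgot_password_id = bin2hex(openssl_random_pseudo_bytes(16));
         } else {
             // Legacy fallback only: predictable. Upgrade PHP rather than rely on it.
             $forgot_password_id = md5(uniqid(rand()));
         }

         // insert data into the database
         // NOTE(review): Dal::query()'s return value is not checked; if a failed
         // INSERT is reported through it, the mailed link could never validate
         // -- confirm how Dal signals errors.
         $sql = 'INSERT into {forgot_password} (user_id, forgot_password_id, status) values (?, ?, ?)';
         Dal::query($sql, array($user_id, $forgot_password_id, $status));

         // URL-encode the parameters (login names are user-chosen) and keep the
         // HTML-safe separator the mail template expects.
         $query = http_build_query(
             array('log_nam' => $user_name, 'uid' => $user_id, 'forgot_password_id' => $forgot_password_id),
             '',
             '&amp;'
         );
         $change_password_url = PA::$url . '/' . FILE_CHANGE_PASSWORD . '?' . $query;

         $array_of_data = array(
             'first_name' => $first_name,
             'last_name' => $last_name,
             'config_site_name' => $config_site_name,
             'user_name' => $user_name,
             'user_id' => $user_id,
             'change_password_url' => $change_password_url,
         );
         // calling common mailing method using flag (type=forgot_password)
         $check = pa_mail($email, 'forgot_password', $array_of_data);
         if ($check == FALSE) {
             Logger::log("Throwing exception MAIL_FUNCTION_FAILED | Mail is not sent to friend ", LOGGER_ERROR);
             throw new PAException(MAIL_FUNCTION_FAILED, "Mail is not sent to friend");
         }
     }
     Logger::log("Exit: function User::send_email");
 }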