/**
 * Creates the initial schema (users, projects, tasks, links) and seeds one
 * administrator account.
 *
 * NOTE(review): the seeded row uses login 'admin' with the hash of the literal
 * password 'admin'. Every database built from this migration therefore starts
 * with the same known credential; nothing in this method forces it to be
 * changed, so that has to be enforced elsewhere (first-login rotation or a
 * deploy-time secret) — confirm.
 */
public function up()
{
    $userTable = 'tbl_user';
    $projectTable = 'tbl_project';
    $taskTable = 'tbl_task';

    // Users. The fourth createIndex() argument (true) makes the login index unique.
    $userColumns = array(
        'id' => 'pk',
        'name' => 'string NOT NULL',
        'login' => 'string NOT NULL',
        'password' => 'string NOT NULL',
    );
    $this->createTable($userTable, $userColumns);
    $this->createIndex('tbl_user_login', $userTable, 'login', true);

    // Default administrator; the password column stores User::passwordHash() output.
    $adminRow = array(
        'name' => 'Admin',
        'login' => 'admin',
        'password' => User::passwordHash('admin'),
    );
    $this->insert($userTable, $adminRow);

    // Projects, each optionally pointing at an owning user.
    $projectColumns = array(
        'id' => 'pk',
        'user_id' => 'int',
        'name' => 'string NOT NULL',
        'description' => 'text',
    );
    $this->createTable($projectTable, $projectColumns);
    $this->createIndex('tbl_project_user_id', $projectTable, 'user_id');

    // The foreign key is added on MySQL only; with any other driver this
    // migration leaves tbl_project.user_id without a database-level constraint.
    $driver = $this->getDbConnection()->driverName;
    if ($driver === 'mysql') {
        $this->addForeignKey(
            'FK_tbl_project_user_id',
            $projectTable,
            'user_id',
            $userTable,
            'id',
            'NO ACTION',
            'NO ACTION'
        );
    }

    // Tasks and links. No foreign keys are declared for project_id, source or target.
    $taskColumns = array(
        'id' => 'pk',
        'project_id' => 'int',
        'start_date' => 'date',
        'description' => 'text',
        'progress' => 'float',
        'duration' => 'int',
    );
    $this->createTable($taskTable, $taskColumns);

    $linkColumns = array(
        'id' => 'pk',
        'source' => 'int',
        'target' => 'int',
        'type' => 'int',
    );
    $this->createTable('tbl_link', $linkColumns);

    $this->createIndex('tbl_task_project_id', $taskTable, 'project_id');
}
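/**
 * Updates a particular model.
 *
 * Two independent forms post to this action:
 *  - 'User': profile attributes; on a successful save the browser is
 *    redirected to the 'view' page.
 *  - 'ChangeUserPassword': a new password; once stored, a flash message is set
 *    and the page is refreshed.
 *
 * NOTE(review): no ownership or role check is visible in this method. Whether
 * a caller may edit the record identified by $id depends on the controller's
 * access rules and on loadModel() — confirm that changing $id cannot be used
 * to edit another account or replace its password.
 *
 * @param integer $id the ID of the model to be updated
 */
public function actionUpdate($id)
{
    $model = $this->loadModel($id);
    $modelPassword = new ChangeUserPassword();

    if (isset($_POST['User'])) {
        // Massive assignment straight from the request. Which fields can be set
        // is decided by the User model's validation rules, so 'password' (and
        // any role/privilege column) must not be declared safe there.
        $model->attributes = $_POST['User'];
        if ($model->save()) {
            $this->redirect(array('view', 'id' => $model->id));
        }
    }

    if (isset($_POST['ChangeUserPassword'])) {
        $modelPassword->attributes = $_POST['ChangeUserPassword'];
        // NOTE(review): whether the current password must be supplied is up to
        // ChangeUserPassword's rules, which are not visible here.
        if ($modelPassword->validate()) {
            $model->password = User::passwordHash($modelPassword->password);
            // Report success only when the new hash was actually persisted.
            // Previously the result of save() was ignored, so a failed save
            // still produced the "Password changed." message.
            if ($model->save()) {
                Yii::app()->user->setFlash('passwordChange', 'Password changed.');
                $this->refresh();
            }
        }
    }

    $this->render('update', array('model' => $model, 'modelPassword' => $modelPassword));
}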
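/**
 * Attempts to log a user in against the local authentication source.
 *
 * The account is looked up by username or by lower-cased e-mail within this
 * authenticator's network, and the stored hash must equal
 * User::passwordHash($password). Whatever the outcome, the result (a User
 * object or false) is passed to User::setCurrentUser(), so a failed attempt
 * also replaces the current user with false.
 *
 * NOTE(review): the hash is derived from the password alone and compared for
 * equality inside the query, so it has to be deterministic (no per-user salt).
 * Migrating to password_hash()/password_verify() would mean fetching the
 * stored hash and verifying it in PHP instead.
 *
 * NOTE(review): on failure the error code tells callers whether the username
 * exists (ERR_UNKNOWN_USERNAME vs ERR_WRONG_PASSWORD). If either message is
 * shown to the client this allows account enumeration; prefer a single generic
 * message at the UI layer plus rate limiting of failed attempts.
 *
 * @param string $username A valid identifying token for the source. Not
 *                         necessarily unique. For local users, both username
 *                         and e-mail are valid.
 * @param string $password Clear text password.
 * @param string $errmsg   Reference of error message
 * @param int    $errno    Reference to error code
 *
 * @return object The actual User object if login was successful, false
 *                otherwise.
 */
public function login($username, $password, &$errmsg = null, &$errno = 0)
{
    $db = AbstractDb::getObject();
    $retval = false;
    $username = $db->escapeString($username);

    if (empty($username)) {
        // The message is used verbatim: it must not be treated as a sprintf()
        // format string, where a stray '%' would be misread as a placeholder.
        $errmsg .= getErrorText(ERR_NO_USERNAME);
        $errno = ERR_NO_USERNAME;
    } else {
        $network = $this->getNetwork();

        // Every value interpolated into the SQL below is escaped first,
        // including the computed hash and the network id.
        $password_hash = $db->escapeString(User::passwordHash($password));
        $network_id = $db->escapeString((string) $network->getId());

        if ($network->getUsernamesCaseSensitive()) {
            $compareto = 'username';
        } else {
            $username = strtolower($username);
            $compareto = 'lower(username)';
        }

        $identity = "({$compareto} = '{$username}' OR lower(email) = '{$username}') AND account_origin='{$network_id}'";

        // The credential check compares the stored hash with the hash of the
        // submitted password, never with a constant.
        $user_info = null;
        $sql = "SELECT user_id FROM users WHERE {$identity} AND pass='{$password_hash}'";
        $db->execSqlUniqueRes($sql, $user_info, false);

        if ($user_info != null) {
            $user = User::getObject($user_info['user_id']);
            if ($user->isUserValid($errmsg, $errno)) {
                $retval = $user;
                $errmsg = _("Login successfull");
            }
            // Otherwise the reason for refusal is already in $errmsg / $errno.
        } else {
            // Second lookup only distinguishes "no such account" from
            // "wrong password" for the error code.
            $user_info = null;
            $db->execSqlUniqueRes("SELECT * FROM users WHERE {$identity}", $user_info, false);
            if ($user_info == null) {
                $errmsg = getErrorText(ERR_UNKNOWN_USERNAME);
                $errno = ERR_UNKNOWN_USERNAME;
            } else {
                $errmsg = getErrorText(ERR_WRONG_PASSWORD);
                $errno = ERR_WRONG_PASSWORD;
            }
        }
    }

    User::setCurrentUser($retval);
    return $retval;
}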
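/**
 * Applies the submitted administration form for this user: account status,
 * username, password change and profile add/delete.
 *
 * Account status is only touched when the caller holds
 * NETWORK_PERM_EDIT_ANY_USER on this user's network. The remaining fields are
 * processed when the edited user is the current user, or when
 * Security::requirePermission() accepts the caller.
 *
 * All form fields are named "user_<id>_<field>".
 *
 * NOTE(review): values are read from $_REQUEST, which also carries
 * query-string parameters, and no anti-CSRF token is checked in this method —
 * confirm the caller enforces one and that password fields are only accepted
 * from POST.
 *
 * @return void
 * @throws Exception When the current password is wrong or the two new
 *                   passwords differ.
 */
public function processAdminUI()
{
    $currentUser = self::getCurrentUser();
    $prefix = "user_" . $this->getId();

    if (Security::hasPermission(Permission::P('NETWORK_PERM_EDIT_ANY_USER'), $this->getNetwork())) {
        /* Account status */
        $name = $prefix . "_accountstatus";
        $status = FormSelectGenerator::getResult($name, null);
        $this->setAccountStatus($status);
    }

    // NOTE(review): requirePermission() is only reached when editing someone
    // else; presumably it aborts the request when the permission is missing —
    // confirm.
    if ($this == $currentUser || Security::requirePermission(Permission::P('NETWORK_PERM_EDIT_ANY_USER'), $this->getNetwork())) {
        /* Username */
        $name = $prefix . "_username";
        $this->setUsername($_REQUEST[$name]);

        /* Change password */
        $nameOldpassword = $prefix . "_oldpassword";
        $nameNewpassword = $prefix . "_newpassword";
        $nameNewpasswordAgain = $prefix . "_newpassword_again";

        $oldPassword = isset($_REQUEST[$nameOldpassword]) ? $_REQUEST[$nameOldpassword] : null;
        $newPassword = isset($_REQUEST[$nameNewpassword]) ? $_REQUEST[$nameNewpassword] : null;
        $newPasswordAgain = isset($_REQUEST[$nameNewpasswordAgain]) ? $_REQUEST[$nameNewpasswordAgain] : null;

        // Only a non-empty string counts as a requested change; array-valued
        // or missing parameters are ignored.
        if (is_string($newPassword) && $newPassword !== '') {
            // Users changing their own password must prove knowledge of the
            // current one. Strict string comparison is required: with loose
            // comparison two different numeric-looking hashes (e.g. "0e…")
            // can compare equal. Where the runtime provides hash_equals(),
            // prefer it here.
            if ($this == $currentUser) {
                if (!is_string($oldPassword)
                    || (string) $this->getPasswordHash() !== (string) User::passwordHash($oldPassword)
                ) {
                    throw new Exception(_("Wrong password."));
                }
            }
            // Strict as well, so "1e3" and "1000" are not treated as matching.
            if ($newPassword !== $newPasswordAgain) {
                throw new Exception(_("Passwords do not match."));
            }
            $this->setPassword($newPassword);
        }

        // Pretend there is only one
        $profiles = $this->getAllProfiles();
        if (!empty($profiles)) {
            $current_profile = $profiles[0];
            if ($current_profile != null) {
                $current_profile->processAdminUI();
                $name = $prefix . "_delete_profile_" . $current_profile->getId();
                if (!empty($_REQUEST[$name])) {
                    $errmsg = null;
                    $current_profile->delete($errmsg);
                }
            }
        } else {
            $name = $prefix . "_add_profile";
            if (!empty($_REQUEST[$name])) {
                // Get the list of profile templates for the user's network
                $profile_templates = ProfileTemplate::getAllProfileTemplates($this->getNetwork());
                if (!empty($profile_templates)) {
                    // Create a blank profile and link it to the user
                    $current_profile = Profile::createNewObject(null, $profile_templates[0]);
                    $this->addProfile($current_profile);
                }
            }
        }
    }
}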