public function up()
 {
     /*
      * Creates the initial schema (users, projects, tasks, links) and seeds one
      * administrator row. Statements run in the same order as before; only the
      * column definitions were lifted into named arrays for readability.
      */

     // --- Users ---------------------------------------------------------
     $userColumns = array(
         'id' => 'pk',
         'name' => 'string NOT NULL',
         'login' => 'string NOT NULL',
         'password' => 'string NOT NULL',
     );
     $this->createTable('tbl_user', $userColumns);
     // Fourth argument true: the login index is created as unique.
     $this->createIndex('tbl_user_login', 'tbl_user', 'login', true);

     // SECURITY NOTE(review): this seeds an administrator whose password equals
     // its login. Every fresh install therefore starts with the same known
     // credential; deployments should rotate it immediately or provision the
     // first admin out of band. The strength of User::passwordHash() is not
     // visible from here - confirm it is a salted, slow password hash.
     $adminRow = array(
         'name' => 'Admin',
         'login' => 'admin',
         'password' => User::passwordHash('admin'),
     );
     $this->insert('tbl_user', $adminRow);

     // --- Projects ------------------------------------------------------
     $projectColumns = array(
         'id' => 'pk',
         'user_id' => 'int',
         'name' => 'string NOT NULL',
         'description' => 'text',
     );
     $this->createTable('tbl_project', $projectColumns);
     $this->createIndex('tbl_project_user_id', 'tbl_project', 'user_id');

     // The foreign key to tbl_user is only declared on MySQL; other drivers
     // get the index above but no referential constraint.
     $isMysql = $this->getDbConnection()->driverName === 'mysql';
     if ($isMysql) {
         $this->addForeignKey(
             'FK_tbl_project_user_id',
             'tbl_project',
             'user_id',
             'tbl_user',
             'id',
             'NO ACTION',
             'NO ACTION'
         );
     }

     // --- Tasks and links -----------------------------------------------
     $taskColumns = array(
         'id' => 'pk',
         'project_id' => 'int',
         'start_date' => 'date',
         'description' => 'text',
         'progress' => 'float',
         'duration' => 'int',
     );
     $this->createTable('tbl_task', $taskColumns);

     $linkColumns = array(
         'id' => 'pk',
         'source' => 'int',
         'target' => 'int',
         'type' => 'int',
     );
     $this->createTable('tbl_link', $linkColumns);

     $this->createIndex('tbl_task_project_id', 'tbl_task', 'project_id');
 }
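 /**
  * Updates a particular model and, optionally, its password.
  *
  * Two independent forms are handled:
  *  - $_POST['User']: profile attributes; on a successful save the browser is
  *    redirected to the 'view' page.
  *  - $_POST['ChangeUserPassword']: a new password, validated by the
  *    ChangeUserPassword form model and stored as User::passwordHash() output.
  *
  * NOTE(review): no authorization or ownership check is visible inside this
  * action; presumably the controller's access rules restrict who may update
  * which $id - confirm. Likewise, whether the current password is required
  * depends on ChangeUserPassword's validation rules, which are not shown here.
  *
  * @param integer $id the ID of the model to be updated
  */
 public function actionUpdate($id)
 {
     $model = $this->loadModel($id);
     $modelPassword = new ChangeUserPassword();
     if (isset($_POST['User'])) {
         // Mass assignment from the request. NOTE(review): which attributes this
         // can set depends on the User model's rules; verify that 'password'
         // (and any role/privilege column) is not assignable through this path.
         $model->attributes = $_POST['User'];
         if ($model->save()) {
             $this->redirect(array('view', 'id' => $model->id));
         }
     }
     if (isset($_POST['ChangeUserPassword'])) {
         $modelPassword->attributes = $_POST['ChangeUserPassword'];
         if ($modelPassword->validate()) {
             $model->password = User::passwordHash($modelPassword->password);
             // Only report success when the new hash was actually persisted.
             // Previously the result of save() was ignored, so a failed save
             // still produced the "Password changed." flash message.
             if ($model->save()) {
                 Yii::app()->user->setFlash('passwordChange', 'Password changed.');
                 $this->refresh();
             }
         }
     }
     $this->render('update', array('model' => $model, 'modelPassword' => $modelPassword));
 }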
 /**
  * Attempts to log a user in against the authentication source.
  *
  * If successful, returns a User object. In every case the outcome (the User
  * or false) is also passed to User::setCurrentUser() before returning.
  *
  * SECURITY NOTE(review): both queries below are assembled by string
  * interpolation and rely on AbstractDb::escapeString() for safety; no bound
  * parameters are used. The failure path also reports different error codes
  * for "unknown username" and "wrong password", which lets a client tell
  * whether an account exists.
  *
  * @param string $username A valid identifying token for the source. Not
  *                         necessarily unique. For local users, both username
  *                         and email are valid.
  * @param string $password Clear text password.
  * @param string $errmsg   Reference to the error message (set or appended to)
  * @param int $errno       Reference to the error code
  *
  * @return object The actual User object if login was successful, false
  *                otherwise.
  */
 public function login($username, $password, &$errmsg = null, &$errno = 0)
 {
     // Disabled debug output. Keep it disabled: it would print the clear-text
     // password into the response.
     //echo "DEBUG:  login($username, $password, $errmsg)<br/>";
     $db = AbstractDb::getObject();
     // Init values
     $retval = false;
     // From here on $username holds the escaped value used inside SQL literals.
     $username = $db->escapeString($username);
     if (empty($username)) {
         $errmsg .= sprintf(getErrorText(ERR_NO_USERNAME));
         $errno = ERR_NO_USERNAME;
         $retval = false;
     } else {
         /* gbastien: this is not reusable!!, why not use password directly? */
         //$password_hash = User::passwordHash($_REQUEST['password']);
         // The hash is computed from the raw clear-text password, before escaping.
         // NOTE(review): in the code as shown, neither $password_hash nor the
         // escaped $password is referenced again, and the query compares pass
         // against a literal that looks masked in this listing - confirm
         // against the upstream source.
         $password_hash = User::passwordHash($password);
         $password = $db->escapeString($password);
         // Case-insensitive networks compare lower(username) with a lowercased input.
         $username = $this->getNetwork()->getUsernamesCaseSensitive() ? $username : strtolower($username);
         $compareto = $this->getNetwork()->getUsernamesCaseSensitive() ? 'username' : 'lower(username)';
         // The network id is concatenated without escapeString(); presumably a
         // trusted internal identifier - confirm. Note that the email branch
         // uses lower(email) but the input is only lowercased when usernames
         // are case-insensitive.
         $sql = "SELECT user_id FROM users WHERE ({$compareto} = '{$username}' OR lower(email) = '{$username}') AND account_origin='" . $this->getNetwork()->getId() . "' AND pass='******'";
         $db->execSqlUniqueRes($sql, $user_info, false);
         if ($user_info != null) {
             $user = User::getObject($user_info['user_id']);
             // Credentials matched; the account must still pass isUserValid().
             if ($user->isUserValid($errmsg, $errno)) {
                 $retval =& $user;
                 $errmsg = _("Login successfull");
             } else {
                 $retval = false;
                 //Reason for refusal is already in $errmsg
             }
         } else {
             /*
              * This is only used to discriminate if the problem was a
              * non-existent user or a wrong password.
              *
              * SECURITY NOTE(review): exposing that distinction to the caller
              * enables account enumeration; returning one generic failure for
              * both cases would avoid it.
              */
             $user_info = null;
             $db->execSqlUniqueRes("SELECT * FROM users WHERE ({$compareto} = '{$username}' OR lower(email) = '{$username}') AND account_origin='" . $this->getNetwork()->getId() . "'", $user_info, false);
             if ($user_info == null) {
                 $errmsg = getErrorText(ERR_UNKNOWN_USERNAME);
                 $errno = ERR_UNKNOWN_USERNAME;
             } else {
                 $errmsg = getErrorText(ERR_WRONG_PASSWORD);
                 $errno = ERR_WRONG_PASSWORD;
             }
             $retval = false;
         }
     }
     // Called on failure too, in which case the current user is set to false.
     User::setCurrentUser($retval);
     return $retval;
 }
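 /**
  * Applies the values submitted by the user administration form to this user.
  *
  * Handles, in order: account status (only with NETWORK_PERM_EDIT_ANY_USER),
  * username, password change, and deletion or creation of the user's profile.
  * Form fields are looked up in $_REQUEST under names built from this user's id.
  *
  * SECURITY NOTE(review): values are read from $_REQUEST rather than $_POST,
  * and no anti-CSRF token check is visible in this method - confirm that one
  * is enforced before this handler runs. When the editor is not the user
  * being edited, the old password is not required (visible below).
  *
  * @throws Exception if the current user supplies a wrong old password, or if
  *                   the two new-password fields differ.
  */
 public function processAdminUI()
 {
     $db = AbstractDb::getObject();
     $currentUser = self::getCurrentUser();
     if (Security::hasPermission(Permission::P('NETWORK_PERM_EDIT_ANY_USER'), $this->getNetwork())) {
         /* Account status */
         $name = "user_" . $this->getId() . "_accountstatus";
         $status = FormSelectGenerator::getResult($name, null);
         $this->setAccountStatus($status);
     }
     if ($this == $currentUser || Security::requirePermission(Permission::P('NETWORK_PERM_EDIT_ANY_USER'), $this->getNetwork())) {
         /* Username */
         $name = "user_" . $this->getId() . "_username";
         $this->setUsername($_REQUEST[$name]);
         /* Change password */
         // NOTE(review): the "******" prefixes look masked in this listing (the
         // sibling fields use "user_"); they are reproduced unchanged here -
         // confirm against the upstream source.
         $nameOldpassword = "******" . $this->getId() . "_oldpassword";
         $nameNewpassword = "******" . $this->getId() . "_newpassword";
         $nameNewpasswordAgain = "user_" . $this->getId() . "_newpassword_again";
         // Read each field once and tolerate absent keys instead of raising
         // undefined-index notices.
         $newPassword = isset($_REQUEST[$nameNewpassword]) ? $_REQUEST[$nameNewpassword] : null;
         $newPasswordAgain = isset($_REQUEST[$nameNewpasswordAgain]) ? $_REQUEST[$nameNewpasswordAgain] : null;
         if ($newPassword != null) {
             if ($this == $currentUser) {
                 $oldPassword = isset($_REQUEST[$nameOldpassword]) ? $_REQUEST[$nameOldpassword] : null;
                 // Strict string comparison: with loose != two different hashes
                 // that both look numeric (e.g. "0e..." forms) compare as equal,
                 // which would accept a wrong old password. Where the runtime
                 // provides it, hash_equals() is the preferred comparison.
                 if ((string) $this->getPasswordHash() !== (string) User::passwordHash($oldPassword)) {
                     throw new Exception(_("Wrong password."));
                 }
             }
             // Strict comparison for the confirmation as well, so numeric-looking
             // values such as "1e3" and "1000" are not treated as a match.
             if ($newPassword !== $newPasswordAgain) {
                 throw new Exception(_("Passwords do not match."));
             }
             $this->setPassword($newPassword);
         }
         // Pretend there is only one
         $profiles = $this->getAllProfiles();
         if (!empty($profiles)) {
             $current_profile = $profiles[0];
             if ($current_profile != null) {
                 $current_profile->processAdminUI();
                 $name = "user_" . $this->getId() . "_delete_profile_" . $current_profile->getId();
                 if (!empty($_REQUEST[$name])) {
                     // Any error text from delete() is collected but not reported.
                     $errmsg = null;
                     $current_profile->delete($errmsg);
                 }
             }
         } else {
             $name = "user_" . $this->getId() . "_add_profile";
             if (!empty($_REQUEST[$name])) {
                 // Get the list of profile templates for the users' network
                 $profile_templates = ProfileTemplate::getAllProfileTemplates($this->getNetwork());
                 if (!empty($profile_templates)) {
                     // Create a blank profile and link it to the user
                     $current_profile = Profile::createNewObject(null, $profile_templates[0]);
                     $this->addProfile($current_profile);
                 }
             }
         }
     }
 }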