/**
 * Resolves the user for the current request.
 *
 * When the session carries a user id together with either a persistent flag
 * or a last-action timestamp, and the session is still live — persistent and
 * truthy, or last action less than 1800 seconds ago — the stored user is
 * loaded by primary key and the activity timestamp is refreshed. In every
 * other case, including a lookup that yields nothing, a transient guest User
 * is built for this session.
 *
 * NOTE(review): a truthy 'persistent' flag bypasses the 1800 s idle timeout
 * entirely; expiry of persistent logins, if any, is not handled here.
 */
protected function initUser()
{
    $hasUserId = isset($_SESSION['dw-user-id']);
    $hasSessionMarker = isset($_SESSION['persistent']) || isset($_SESSION['last_action_time']);

    if ($hasUserId && $hasSessionMarker) {
        $isPersistent = isset($_SESSION['persistent']) && $_SESSION['persistent'];
        $isRecentlyActive = isset($_SESSION['last_action_time'])
            && time() - $_SESSION['last_action_time'] < 1800;

        if ($isPersistent || $isRecentlyActive) {
            $this->user = UserQuery::create()->limit(1)->findPK($_SESSION['dw-user-id']);
            // Sliding window: every accepted request extends the idle timeout.
            $_SESSION['last_action_time'] = time();
        }
    }

    if (empty($this->user)) {
        // Nothing usable in the session (or the lookup found no row):
        // fall back to a guest account that lives only for this request.
        $guest = new User();
        $guest->setEmail('*****@*****.**');
        $guest->setRole('guest');
        $guest->setLanguage(self::getBrowserLocale());
        $this->user = $guest;
    }
}
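});

//GET route
$app->get('/setup', function () use ($app) {
    disable_cache($app);
    // The setup page is only reachable while nobody is logged in and no
    // admin/sysadmin account exists yet; otherwise bounce to the front page.
    if (DatawrapperSession::getUser()->isLoggedIn()
        || UserQuery::create()->filterByRole(array('admin', 'sysadmin'))->count() > 0) {
        $app->redirect('/');
    }
    $page = array(
        'title' => 'Datawrapper',
        'pageClass' => 'setup',
        'noHeader' => true,
        'noFooter' => true,
        'noSignup' => true,
        'auth_salt' => DW_AUTH_SALT,
    );
    add_header_vars($page, '');
    $app->render('setup.twig', $page);
});

/*
 * endpoint for final setup script
 *
 * Expects a JSON object body with `email` and `pwd`. Creates the first admin
 * account and logs it in, but only while the user table is completely empty
 * (stricter than the GET route, which only checks for admin roles). Any other
 * case — including a body that is not valid JSON or lacks a usable email or
 * password — answers {"status":"fail"}.
 */
$app->post('/setup', function () use ($app) {
    $data = json_decode($app->request()->getBody());

    // json_decode() yields null for a malformed body; previously that null
    // propagated into setEmail()/secure_password(). Require a real object
    // with a syntactically valid email and a non-empty password instead.
    $email = is_object($data) && isset($data->email) ? $data->email : null;
    $pwd = is_object($data) && isset($data->pwd) ? $data->pwd : null;
    $inputValid = is_string($email)
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false
        && is_string($pwd)
        && $pwd !== '';

    // check that there is no admin user yet (only true right after setup)
    if ($inputValid && UserQuery::create()->count() == 0) {
        $user = new User();
        $user->setCreatedAt(time());
        $user->setEmail($email);
        $user->setRole('admin');
        $user->setPwd(secure_password($pwd));
        $user->setLanguage(DatawrapperSession::getLanguage());
        $user->save();
        DatawrapperSession::login($user);
        $app->redirect('/');
    } else {
        print json_encode(array('status' => 'fail'));
    }
});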
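<?php

require_once __DIR__ . "/../../../Backend/SessionManager.php";
require_once __DIR__ . "/../../../Backend/ChurchManager.php";

// Creates a user from POSTed form fields and answers "OK" or "KO".
//
// The former `$_POST["username"] === NULL` test raised an undefined-index
// warning on a missing key and let an empty username/password through;
// isset() plus an explicit empty-string check covers both.
if (!isset($_POST["username"], $_POST["password"], $_POST["church"])
    || $_POST["username"] === ''
    || $_POST["password"] === '') {
    echo "KO";
    die;
}

// A church name that does not resolve used to reach $church->getId() and
// abort with a fatal error; treat it as a bad request instead.
// (Assumes getSingleChurch() returns a falsy value when nothing matches — TODO confirm.)
$church = ChurchManager::getSingleChurch('name', $_POST["church"]);
if (!$church) {
    echo "KO";
    die;
}

$user = new User();
// NOTE(review): unsalted sha1() is not a suitable password hash. The stored
// format is presumably what the login check in SessionManager compares
// against, so moving to password_hash()/password_verify() must be done on
// both sides together rather than here alone.
$user->setPassword(sha1($_POST["password"]));
$user->setUsername($_POST["username"]);

// '0' selects an administrator ('A'); anything else, including a missing
// field, yields a regular user ('G').
$user->setType(($_POST["type"] ?? null) === '0' ? 'A' : 'G');
$user->setLanguage("es");
$user->setIdChurch($church->getId());

if (SessionManager::addUser($user)) {
    echo "OK";
} else {
    echo "KO";
}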
$timeformat = $this->params['timeformat']; $language = $this->params['language']; $emailChanged = $this->params['emailChanged']; $passwordChanged = $this->params['passwordChanged']; $guiDataChanged = $this->params['guiDataChanged']; $positive = $this->params['positive']; $confirmed = $this->params['confirmed']; $hadError = $passwordInsecure = $duplicateEmail = false; $errorFields = array(); if ($guiDataChanged && $confirmed != 'true') { $parameters = array('winID' => $winid, 'company' => $company, 'department' => $department, 'firstname' => $firstname, 'lastname' => $lastname, 'phone' => $phone, 'fax' => $fax, 'mobile' => $mobile, 'website' => $website, 'email' => $email, 'password' => $password, 'emailChanged' => $emailChanged, 'passwordChanged' => $passwordChanged, 'guiDataChanged' => $guiDataChanged, 'language' => $language, 'timezone' => $timezone, 'dateformat' => $dateformat, 'timeformat' => $timeformat, 'weekstart' => $weekstart); $koala->callJSFunction('Koala.yg_confirm', $itext['TXT_WARNING'] != '' ? $itext['TXT_WARNING'] : '$TXT_WARNING', $itext['TXT_WARNING_GUICONFIG_CHANGED'] != '' ? 
$itext['TXT_WARNING_GUICONFIG_CHANGED'] : '$TXT_WARNING_GUICONFIG_CHANGED', $action, json_encode($parameters)); } else { if ($confirmed == 'true' && $positive == 'true') { $user = new User(sUserMgr()->getCurrentUserID()); $user->setLanguage($language); $user->properties->setValue('TIMEZONE', $timezone); $user->properties->setValue('DATEFORMAT', $dateformat); $user->properties->setValue('TIMEFORMAT', $timeformat); $user->properties->setValue('WEEKSTART', $weekstart); $user->properties->setValue('COMPANY', $company); $user->properties->setValue('DEPARTMENT', $department); $user->properties->setValue('FIRSTNAME', $firstname); $user->properties->setValue('LASTNAME', $lastname); $user->properties->setValue('PHONE', $phone); $user->properties->setValue('FAX', $fax); $user->properties->setValue('MOBILE', $mobile); $user->properties->setValue('WEBSITE', $website); if ($emailChanged) { // Check if email-address is valid and really exists if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
break; } } // Special case for password (not a real property) if ($property == 'password') { $user->setPassword($value); // Check if user is current user and re-validate if needed if ($data[0] == sUserMgr()->getCurrentUserID()) { $this->session->setPSessionVar('password', $value); } $jsQueue->add($objectInfo['ID'], HISTORYTYPE_USER, 'OBJECT_CHANGE', sGuiUS(), 'user', NULL, NULL, $objectInfo['ID'] . '-user', $property, $value); break; } // Special case for language (not a real property) if ($property == 'language') { $user->setLanguage($value); break; } // Check if property is a readonly property $propertyInfo = $user->properties->getProperty(strtoupper($property)); $isReadOnlyProperty = $propertyInfo[0]['READONLY']; // Special handling for dates if ($propertyInfo[0]['TYPE'] == 'DATE' || $propertyInfo[0]['TYPE'] == 'DATETIME') { if ($propertyInfo[0]['TYPE'] == 'DATETIME') { $dateFrac = explode('||', $value); $timeFrac = $dateFrac[1]; $date = explode('.', $dateFrac[0]); $time = explode(':', $timeFrac); $hour = (int) $time[0]; $minute = (int) $time[1]; $ampm = explode(' ', $time[1]);
} else { $User = new User(NULL, $lang->g('LabelNewUser')); } if (array_key_exists('hidAction', $_POST) && $_POST['hidAction'] == 'UserView') { if (array_key_exists('txtUserName', $_POST)) { $User->setUserName(Utils::NullIfEmpty($_POST['txtUserName'])); } if (array_key_exists('hidPassword', $_POST)) { $User->setPassword(Utils::NullIfEmpty($_POST['hidPassword'])); $User->setSalt(Utils::NullIfEmpty($_SESSION['UserSalt'])); } $User->setFirstName(Utils::NullIfEmpty($_POST['txtFirstName'])); $User->setInsertion(Utils::NullIfEmpty($_POST['txtInsertion'])); $User->setLastName(Utils::NullIfEmpty($_POST['txtLastName'])); $User->setEmailAddress(Utils::NullIfEmpty($_POST['txtEmailAddress'])); $User->setLanguage(Utils::NullIfEmpty($_POST['selectLanguage'])); $User->setDateDisplayOptions($_POST['selectDateformat']); $User->setImageview(Utils::NullIfEmpty($_POST['selectImageview'])); if ($CurrentUser->hasPermission(RIGHT_USER_RIGHTS)) { $getrights = array(); foreach (Rights::getDefinedRights() as $k => $v) { if (array_key_exists('chk' . $k, $_POST)) { $getrights[] = $v; } } $User->setRights($getrights); } if (array_key_exists('radGender', $_POST)) { switch (intval($_POST['radGender'])) { case GENDER_FEMALE: $User->setGender(GENDER_FEMALE);
if ($admin === true && $user->getRole() != "admin") { $user->setRole("admin"); } DatawrapperSession::login($user, $payload->keeplogin == true); ok(); } else { $user = new User(); $user->setCreatedAt(time()); $user->setEmail($payload->user); $user->setPwd("via_ldap"); if ($admin === false) { $user->setRole("editor"); } else { $user->setRole("admin"); } $user->setLanguage("en_GB"); $user->save(); DatawrapperSession::login($user, $payload->keeplogin == true); ok(); } } catch (Exception $e) { error('login-invalid', __('Invalid login.')); } // $payload = json_decode($app->request()->getBody()); // // First, check username against LDAP // $user = $payload->user; // // console.log($payload); // $config = $GLOBALS['dw_config']; // if ($user == $config["admin"]["username"]){ // // try { // // $user = UserQuery::create()->findOneByEmail($payload->user);