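/**
 * Restore the logged-in user from the PHP session, or attach a temporary
 * guest user to this request when no live login is found.
 *
 * A session counts as live when it carries 'dw-user-id' and either is
 * flagged 'persistent' (remember-me; note that such a session is never
 * idle-expired on the server side by this method) or has a
 * 'last_action_time' younger than the idle window. A user id that cannot
 * be honoured (idle-expired, or no activity stamp at all) is removed from
 * the session together with its flags, so no later code path can take the
 * stale id for a login.
 */
 protected function initUser()
 {
     // idle window, in seconds, for non-persistent sessions
     $idleTimeout = 1800;
     if (isset($_SESSION['dw-user-id'])) {
         $persistent = !empty($_SESSION['persistent']);
         $recentlyActive = isset($_SESSION['last_action_time']) && time() - $_SESSION['last_action_time'] < $idleTimeout;
         if ($persistent || $recentlyActive) {
             // findPK() yields null for a user that no longer exists; the guest fallback below covers that
             $this->user = UserQuery::create()->limit(1)->findPK($_SESSION['dw-user-id']);
             $_SESSION['last_action_time'] = time();
         } else {
             // expired or unverifiable login: drop the identity instead of leaving it behind
             unset($_SESSION['dw-user-id'], $_SESSION['persistent'], $_SESSION['last_action_time']);
         }
     }
     if (empty($this->user)) {
         // create temporary guest user for this session (not persisted)
         $user = new User();
         $user->setEmail('*****@*****.**');
         $user->setRole('guest');
         $user->setLanguage(self::getBrowserLocale());
         $this->user = $user;
     }
 }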
});
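// GET route: render the first-run setup form.
//
// Shares its guard with the POST handler below ("no user exists yet"), so the
// form is only shown when submitting it can actually succeed; the POST handler
// remains the real gate for account creation. The page receives DW_AUTH_SALT as
// 'auth_salt' -- presumably for client-side password hashing; confirm it is
// meant to be public before treating it as a secret anywhere else.
$app->get('/setup', function () use($app) {
    disable_cache($app);
    $setupDone = DatawrapperSession::getUser()->isLoggedIn() || UserQuery::create()->count() > 0;
    if ($setupDone) {
        $app->redirect('/');
    }
    $page = array('title' => 'Datawrapper', 'pageClass' => 'setup', 'noHeader' => true, 'noFooter' => true, 'noSignup' => true, 'auth_salt' => DW_AUTH_SALT);
    add_header_vars($page, '');
    $app->render('setup.twig', $page);
});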
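/*
 * endpoint for final setup script: creates the very first (admin) account.
 *
 * Expects a JSON body {"email": ..., "pwd": ...}. The guard is "no user at all
 * exists yet", which is only true right after install; once any account has
 * been saved this endpoint always answers {"status":"fail"}. The count/save
 * pair is not atomic, so two concurrent first requests could in theory both
 * pass the guard -- acceptable for a one-shot installer, but worth knowing.
 */
$app->post('/setup', function () use($app) {
    $data = json_decode($app->request()->getBody());
    // A malformed or non-object body used to raise notices on $data->email /
    // $data->pwd; reject it up front together with an invalid email or empty password.
    $email = (is_object($data) && isset($data->email)) ? (string) $data->email : '';
    $pwd = (is_object($data) && isset($data->pwd)) ? (string) $data->pwd : '';
    $inputOk = filter_var($email, FILTER_VALIDATE_EMAIL) !== false && $pwd !== '';
    // "no user yet" is deliberately stricter than "no admin yet": a half-finished
    // install cannot be re-run to add a second privileged account
    if ($inputOk && UserQuery::create()->count() == 0) {
        $user = new User();
        $user->setCreatedAt(time());
        $user->setEmail($email);
        $user->setRole('admin');
        $user->setPwd(secure_password($pwd));
        $user->setLanguage(DatawrapperSession::getLanguage());
        $user->save();
        DatawrapperSession::login($user);
        $app->redirect('/');
    } else {
        print json_encode(array('status' => 'fail'));
    }
});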
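<?php

require_once __DIR__ . "/../../../Backend/SessionManager.php";
require_once __DIR__ . "/../../../Backend/ChurchManager.php";

/*
 * Creates a user account from the POST fields username, password, church
 * (church name) and type (type "0" -> user type 'A', anything else -> 'G'),
 * answering "OK" when SessionManager::addUser() accepts it and "KO" otherwise.
 *
 * NOTE(review): no authentication or authorization check is visible in this
 * script, yet type=0 produces a type 'A' account. Confirm that whatever
 * includes or fronts this endpoint restricts who may call it; otherwise any
 * client can create 'A' accounts.
 */

// isset($_POST) is always true and reading a missing key only raised a notice;
// require the fields this script actually depends on.
if (empty($_POST["username"]) || !isset($_POST["password"]) || empty($_POST["church"])) {
    echo "KO";
    die;
}
$church = ChurchManager::getSingleChurch('name', $_POST["church"]);
if (!$church) {
    // unknown church: previously a fatal error on $church->getId()
    echo "KO";
    die;
}
$user = new User();
// TODO(security): unsalted sha1 is not a password hash. Moving to
// password_hash()/password_verify() requires the matching change in
// SessionManager's login path (not visible here), so it is flagged, not changed.
$user->setPassword(sha1($_POST["password"]));
$user->setUsername($_POST["username"]);
// strict comparison: only the literal string "0" selects type 'A'
// (loose == also accepted numerically-equal strings such as "00")
if (isset($_POST["type"]) && $_POST["type"] === '0') {
    $user->setType('A');
} else {
    $user->setType('G');
}
$user->setLanguage("es");
$user->setIdChurch($church->getId());
echo SessionManager::addUser($user) ? "OK" : "KO";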
 $timeformat = $this->params['timeformat'];
 $language = $this->params['language'];
 $emailChanged = $this->params['emailChanged'];
 $passwordChanged = $this->params['passwordChanged'];
 $guiDataChanged = $this->params['guiDataChanged'];
 $positive = $this->params['positive'];
 $confirmed = $this->params['confirmed'];
 $hadError = $passwordInsecure = $duplicateEmail = false;
 $errorFields = array();
 if ($guiDataChanged && $confirmed != 'true') {
     $parameters = array('winID' => $winid, 'company' => $company, 'department' => $department, 'firstname' => $firstname, 'lastname' => $lastname, 'phone' => $phone, 'fax' => $fax, 'mobile' => $mobile, 'website' => $website, 'email' => $email, 'password' => $password, 'emailChanged' => $emailChanged, 'passwordChanged' => $passwordChanged, 'guiDataChanged' => $guiDataChanged, 'language' => $language, 'timezone' => $timezone, 'dateformat' => $dateformat, 'timeformat' => $timeformat, 'weekstart' => $weekstart);
     $koala->callJSFunction('Koala.yg_confirm', $itext['TXT_WARNING'] != '' ? $itext['TXT_WARNING'] : '$TXT_WARNING', $itext['TXT_WARNING_GUICONFIG_CHANGED'] != '' ? $itext['TXT_WARNING_GUICONFIG_CHANGED'] : '$TXT_WARNING_GUICONFIG_CHANGED', $action, json_encode($parameters));
 } else {
     if ($confirmed == 'true' && $positive == 'true') {
         $user = new User(sUserMgr()->getCurrentUserID());
         $user->setLanguage($language);
         $user->properties->setValue('TIMEZONE', $timezone);
         $user->properties->setValue('DATEFORMAT', $dateformat);
         $user->properties->setValue('TIMEFORMAT', $timeformat);
         $user->properties->setValue('WEEKSTART', $weekstart);
         $user->properties->setValue('COMPANY', $company);
         $user->properties->setValue('DEPARTMENT', $department);
         $user->properties->setValue('FIRSTNAME', $firstname);
         $user->properties->setValue('LASTNAME', $lastname);
         $user->properties->setValue('PHONE', $phone);
         $user->properties->setValue('FAX', $fax);
         $user->properties->setValue('MOBILE', $mobile);
         $user->properties->setValue('WEBSITE', $website);
         if ($emailChanged) {
             // Check if email-address is valid and really exists
             if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
         break;
     }
 }
 // Special case for password (not a real property)
 if ($property == 'password') {
     $user->setPassword($value);
     // Check if user is current user and re-validate if needed
     if ($data[0] == sUserMgr()->getCurrentUserID()) {
         $this->session->setPSessionVar('password', $value);
     }
     $jsQueue->add($objectInfo['ID'], HISTORYTYPE_USER, 'OBJECT_CHANGE', sGuiUS(), 'user', NULL, NULL, $objectInfo['ID'] . '-user', $property, $value);
     break;
 }
 // Special case for language (not a real property)
 if ($property == 'language') {
     $user->setLanguage($value);
     break;
 }
 // Check if property is a readonly property
 $propertyInfo = $user->properties->getProperty(strtoupper($property));
 $isReadOnlyProperty = $propertyInfo[0]['READONLY'];
 // Special handling for dates
 if ($propertyInfo[0]['TYPE'] == 'DATE' || $propertyInfo[0]['TYPE'] == 'DATETIME') {
     if ($propertyInfo[0]['TYPE'] == 'DATETIME') {
         $dateFrac = explode('||', $value);
         $timeFrac = $dateFrac[1];
         $date = explode('.', $dateFrac[0]);
         $time = explode(':', $timeFrac);
         $hour = (int) $time[0];
         $minute = (int) $time[1];
         $ampm = explode(' ', $time[1]);
} else {
    $User = new User(NULL, $lang->g('LabelNewUser'));
}
if (array_key_exists('hidAction', $_POST) && $_POST['hidAction'] == 'UserView') {
    if (array_key_exists('txtUserName', $_POST)) {
        $User->setUserName(Utils::NullIfEmpty($_POST['txtUserName']));
    }
    if (array_key_exists('hidPassword', $_POST)) {
        $User->setPassword(Utils::NullIfEmpty($_POST['hidPassword']));
        $User->setSalt(Utils::NullIfEmpty($_SESSION['UserSalt']));
    }
    $User->setFirstName(Utils::NullIfEmpty($_POST['txtFirstName']));
    $User->setInsertion(Utils::NullIfEmpty($_POST['txtInsertion']));
    $User->setLastName(Utils::NullIfEmpty($_POST['txtLastName']));
    $User->setEmailAddress(Utils::NullIfEmpty($_POST['txtEmailAddress']));
    $User->setLanguage(Utils::NullIfEmpty($_POST['selectLanguage']));
    $User->setDateDisplayOptions($_POST['selectDateformat']);
    $User->setImageview(Utils::NullIfEmpty($_POST['selectImageview']));
    if ($CurrentUser->hasPermission(RIGHT_USER_RIGHTS)) {
        $getrights = array();
        foreach (Rights::getDefinedRights() as $k => $v) {
            if (array_key_exists('chk' . $k, $_POST)) {
                $getrights[] = $v;
            }
        }
        $User->setRights($getrights);
    }
    if (array_key_exists('radGender', $_POST)) {
        switch (intval($_POST['radGender'])) {
            case GENDER_FEMALE:
                $User->setGender(GENDER_FEMALE);
         if ($admin === true && $user->getRole() != "admin") {
             $user->setRole("admin");
         }
         DatawrapperSession::login($user, $payload->keeplogin == true);
         ok();
     } else {
         $user = new User();
         $user->setCreatedAt(time());
         $user->setEmail($payload->user);
         $user->setPwd("via_ldap");
         if ($admin === false) {
             $user->setRole("editor");
         } else {
             $user->setRole("admin");
         }
         $user->setLanguage("en_GB");
         $user->save();
         DatawrapperSession::login($user, $payload->keeplogin == true);
         ok();
     }
 } catch (Exception $e) {
     error('login-invalid', __('Invalid login.'));
 }
 // $payload = json_decode($app->request()->getBody());
 // // First, check username against LDAP
 // $user = $payload->user;
 // // console.log($payload);
 // $config = $GLOBALS['dw_config'];
 // if ($user == $config["admin"]["username"]){
 // //     try {
 // //         $user = UserQuery::create()->findOneByEmail($payload->user);