/**
* Get security token, forward to action.
*
* @param unknown_type $page
* @return unknown_type
*/
function uservalidationbyemail_page_handler($page)
{
global $CONFIG;
if (isset($page[0]) && $page[0] == 'confirm') {
$code = sanitise_string(get_input('c', FALSE));
$user_guid = get_input('u', FALSE);
// new users are not enabled by default.
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
$user = get_entity($user_guid);
if ($code && $user) {
if (uservalidationbyemail_validate_email($user_guid, $code)) {
system_message(elgg_echo('email:confirm:success'));
$user = get_entity($user_guid);
$user->enable();
notify_user($user_guid, $CONFIG->site->guid, sprintf(elgg_echo('email:validate:success:subject'), $user->username), sprintf(elgg_echo('email:validate:success:body'), $user->name), NULL, 'email');
} else {
register_error(elgg_echo('email:confirm:fail'));
}
} else {
register_error(elgg_echo('email:confirm:fail'));
}
access_show_hidden_entities($access_status);
} else {
register_error(elgg_echo('email:confirm:fail'));
}
forward();
}
/**
* Listen to the login event to make sure the user is validated
*
* @param string $event the name of the event
* @param string $type the type of the event
* @param ElggUser $user supplied user
*
* @return bool
*/
function uservalidationbyadmin_login_event($event, $type, $user)
{
$result = false;
// make sure we can see all users
$hidden = access_get_show_hidden_status();
access_show_hidden_entities(true);
// do we actualy have a user
if (!empty($user) && elgg_instanceof($user, "user")) {
// is the user enabled
if ($user->isEnabled()) {
if ($user->isAdmin()) {
// admins are always allowed
$result = true;
} elseif (isset($user->admin_validated)) {
// check if the user is validated
if ($user->admin_validated) {
// user is validated and can login
$result = true;
}
} else {
// user has register before this plugin was activated
$result = true;
}
}
}
// check if the user can login
if (empty($result)) {
// register error
register_error(elgg_echo("uservalidationbyadmin:login:error"));
}
// restore access setting
access_show_hidden_entities($hidden);
return $result;
}
/**
* Called on successful user login
* If they are not in stormpath lets add them
*
* @param type $event
* @param type $type
* @param type $user
*/
function event_user_login($event, $type, $user)
{
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(TRUE);
if ($user instanceof ElggUser && !$user->isEnabled() && !$user->validated) {
// send new validation email
uservalidationbyemail_request_validation($user->getGUID());
// restore hidden entities settings
access_show_hidden_entities($access_status);
// throw error so we get a nice error message
throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
}
access_show_hidden_entities($access_status);
if ($user->__stormpath_user) {
return true;
}
// search stormpath for a matching account
// may be in stormpath by manual addition, or from another application
// with shared login
$application = get_application();
if ($application) {
$accts = $application->getAccounts(array('email' => $user->email));
foreach ($accts as $a) {
$user->__stormpath_user = $a->href;
return true;
}
$password = get_input('password');
if ($password) {
add_to_stormpath($user, $password);
}
}
return true;
}
/**
* Listen to the registration of a new user
*
* @param string $hook the name of the hook
* @param string $type the type of the hook
* @param bool $return_value the current return value
* @param array $params supplied params
*
* @return bool
*/
function uservalidationbyadmin_register_user_hook($hook, $type, $return_value, $params)
{
if (empty($params) || !is_array($params)) {
return $return_value;
}
$user = elgg_extract("user", $params);
if (empty($user) || !elgg_instanceof($user, "user")) {
return $return_value;
}
// make sure we can see everything
$hidden = access_get_show_hidden_status();
access_show_hidden_entities(true);
// make sure we can save metadata
elgg_push_context("uservalidationbyadmin_new_user");
// this user needs validation
$user->admin_validated = false;
// check who to notify
$notify_admins = uservalidationbyadmin_get_admin_notification_setting();
if ($notify_admins == "direct") {
uservalidationbyadmin_notify_admins();
}
// check if we need to disable the user
if ($user->isEnabled()) {
$user->disable();
}
// restore context
elgg_pop_context();
// restore access settings
access_show_hidden_entities($hidden);
return $return_value;
}
/**
* Clean unvalidated users cron hook
*/
function clean_unvalidate($vars)
{
$days_till_first_reminder = elgg_get_plugin_setting("validation_reminder_first_message") * 1;
$days_till_second_reminder = elgg_get_plugin_setting("validation_reminder_second_message") * 1;
$days_till_removal = elgg_get_plugin_setting("validation_reminder_remove") * 1;
$proviousAccessShowHiddenEntities = access_show_hidden_entities(true);
$proviousIgnoreAccess = elgg_set_ignore_access(true);
$dbprefix = elgg_get_config('dbprefix');
// @var $users ElggUser[]
$users = elgg_get_entities_from_metadata(['type' => 'user', 'limit' => false, 'metadata_name_value_pair' => array(array('name' => 'validated', 'value' => false))]);
foreach ($users as $user) {
$validate_reminder_start_date = $user->time_created;
if (time() - $validate_reminder_start_date >= $days_till_removal * 24 * 60 * 60) {
$user->delete();
echo 'Account deleted';
} else {
if (time() - $validate_reminder_start_date >= $days_till_second_reminder * 24 * 60 * 60 && time() - $validate_reminder_start_date <= ($days_till_second_reminder + 1) * 24 * 60 * 60) {
send_validation_reminder_mail($user, $days_till_removal, $days_till_second_reminder);
echo 'Send second reminder send';
} else {
if (time() - $validate_reminder_start_date >= $days_till_first_reminder * 24 * 60 * 60 && time() - $validate_reminder_start_date <= ($days_till_first_reminder + 1) * 24 * 60 * 60) {
send_validation_reminder_mail($user, $days_till_removal, $days_till_first_reminder);
echo 'Send first reminder send';
} else {
echo 'Waiting for validation';
}
}
}
echo ' for user: '******'<br>';
}
elgg_set_ignore_access($proviousIgnoreAccess);
access_show_hidden_entities($proviousAccessShowHiddenEntities);
}
/**
* Return the phase of the answer
*
* @return QeustionsWorkflowPhase| workflow phase
*/
public function getPhase()
{
access_show_hidden_entities(true);
if ($this->phase_guid) {
$phase = get_entity($this->phase_guid);
}
access_show_hidden_entities(false);
return $phase;
}
public static function isAvailableUsername(\PropertyInterface $prop, $value = null, array $params = array())
{
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
$available = true;
if (get_user_by_username($value)) {
$available = false;
}
access_show_hidden_entities($access_status);
return $available;
}
/**
* Delete messages from a user who is being deleted
*
* @param string $event
* @param string $type
* @param ElggUser $user
*/
function customizations_purge_messages($event, $type, $user)
{
// make sure we delete them all
$entity_disable_override = access_get_show_hidden_status();
access_show_hidden_entities(true);
$messages = elgg_get_entities_from_metadata(array('type' => 'object', 'subtype' => 'messages', 'metadata_name' => 'fromId', 'metadata_value' => $user->getGUID(), 'limit' => 0));
if ($messages) {
foreach ($messages as $e) {
$e->delete();
}
}
access_show_hidden_entities($entity_disable_override);
}
/**
* Generates a unique available and valid username
*
* @param string $username Username prefix
* @return string
*/
function forms_register_generate_username($username = '')
{
$available = false;
$username = iconv('UTF-8', 'ASCII//TRANSLIT', $username);
$blacklist = '/[\\x{0080}-\\x{009f}\\x{00a0}\\x{2000}-\\x{200f}\\x{2028}-\\x{202f}\\x{3000}\\x{e000}-\\x{f8ff}]/u';
$blacklist2 = array(' ', '\'', '/', '\\', '"', '*', '&', '?', '#', '%', '^', '(', ')', '{', '}', '[', ']', '~', '?', '<', '>', ';', '|', '¬', '`', '@', '-', '+', '=');
$username = preg_replace($blacklist, '', $username);
$username = str_replace($blacklist2, '.', $username);
$ia = elgg_set_ignore_access(true);
$ha = access_get_show_hidden_status();
access_show_hidden_entities(true);
$minlength = elgg_get_config('minusername') ?: 4;
if ($username) {
$fill = $minlength - strlen($username);
} else {
$fill = 8;
}
$algo = elgg_get_plugin_setting('autogen_username_algo', 'forms_register', 'first_name_only');
if ($algo == 'full_name' && $fill <= 0) {
$separator = '.';
} else {
$separator = '';
}
if ($fill > 0) {
$suffix = (new ElggCrypto())->getRandomString($fill);
$username = "******";
}
$iterator = 0;
while (!$available) {
if ($iterator > 0) {
$username = "******";
}
$user = get_user_by_username($username);
$available = !$user;
try {
if ($available) {
validate_username($username);
}
} catch (Exception $e) {
if ($iterator >= 100) {
// too many failed attempts
$username = (new ElggCrypto())->getRandomString(8);
}
}
$iterator++;
}
access_show_hidden_entities($ha);
elgg_set_ignore_access($ia);
return strtolower($username);
}
/**
* Return application for a given application id
*
* @param string $application_id id of the applications
*
* @return ElggEntity|boolean
*/
function ws_pack_get_application_from_id($application_id)
{
$result = false;
if (!empty($application_id)) {
$hidden = access_get_show_hidden_status();
access_show_hidden_entities(true);
$options = array("type" => "object", "subtype" => APIApplication::SUBTYPE, "limit" => 1, "metadata_name_value_pairs" => array("application_id" => $application_id));
if ($entities = elgg_get_entities_from_metadata($options)) {
$result = $entities[0];
}
access_show_hidden_entities($hidden);
}
return $result;
}
/**
* Generates random unique username
* @return string
*/
public static function generateUsername()
{
$username = false;
$ia = elgg_set_ignore_access(true);
$ha = access_get_show_hidden_status();
access_show_hidden_entities(true);
while (!$username) {
$temp = "u" . rand(100000000, 999999999);
if (!get_user_by_username($temp)) {
$username = $temp;
}
}
access_show_hidden_entities($ha);
elgg_set_ignore_access($ia);
return $username;
}
public function testElggEnableAnnotations()
{
$e = new ElggObject();
$e->save();
for ($i = 0; $i < 30; $i++) {
$e->annotate('test_annotation', rand(0, 10000));
}
$options = array('guid' => $e->getGUID(), 'limit' => 0);
$this->assertTrue(elgg_disable_annotations($options));
// cannot see any annotations so returns null
$this->assertNull(elgg_enable_annotations($options));
access_show_hidden_entities(true);
$this->assertTrue(elgg_enable_annotations($options));
access_show_hidden_entities(false);
$annotations = elgg_get_annotations($options);
$this->assertIdentical(30, count($annotations));
$this->assertTrue($e->delete());
}
static function generateUsername($email)
{
list($username, $dummy) = explode("@", $email);
$username = preg_replace("/[^a-zA-Z0-9]+/", "", $username);
$hidden = access_get_show_hidden_status();
access_show_hidden_entities(true);
if (get_user_by_username($username)) {
$i = 1;
while (get_user_by_username($username . $i)) {
$i++;
}
$result = $username . $i;
} else {
$result = $username . $i;
}
access_show_hidden_entities($hidden);
return $result;
}
/**
* Handle Stripe webhooks
*/
function stripe_webhook_handler($environment)
{
$body = get_post_data();
$event_json = json_decode($body);
$event_id = $event_json->id;
$gateway = new StripeClient($environment);
$event = $gateway->getEvent($event_id);
if (!$event) {
return array('success' => false, 'message' => 'Stripe Event for this webhook was not found');
}
$ia = elgg_set_ignore_access(true);
$ha = access_get_show_hidden_status();
access_show_hidden_entities(true);
$result = elgg_trigger_plugin_hook_handler($event->type, 'stripe.events', array('environment' => $environment, 'event' => $event), array('success' => true));
access_show_hidden_entities($ha);
elgg_set_ignore_access($ia);
return $result;
}
/**
* Deletes expired entities.
* @return boolean
*/
function expirationdate_expire_entities($verbose = true)
{
$now = time();
$access = elgg_set_ignore_access(true);
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
if (!($entities = elgg_get_entities_from_metadata(array('metadata_names' => 'expirationdate', 'limit' => false)))) {
// no entities that need to expire.
return true;
}
foreach ($entities as $entity) {
if ($entity->expirationdate < $now) {
$guid = $entity->guid;
if (!elgg_trigger_plugin_hook('expirationdate:expire_entity', $entity->type, array('entity' => $entity), true)) {
continue;
}
// call the standard delete to allow for triggers, etc.
if ($entity->expirationdate_disable_only == 1) {
if ($entity->disable()) {
$return = expirationdate_unset($entity->getGUID());
$msg = "Disabled {$guid}<br>\n";
} else {
$msg = "Couldn't disable {$guid}<br>\n";
}
} else {
if ($entity->delete()) {
$msg = "Deleted {$guid}<br>\n";
} else {
$msg = "Couldn't delete {$guid}<br>\n";
}
}
} else {
if (!elgg_trigger_plugin_hook('expirationdate:will_expire_entity', $entity->type, array('expirationdate' => $entity->expirationdate, 'entity' => $entity), true)) {
continue;
}
}
if ($verbose) {
print $msg;
}
}
access_show_hidden_entities($access_status);
elgg_set_ignore_access($access);
return true;
}
/**
* Cron job
*/
function drop_unvalidated_cron()
{
// we depend on the user validation by email plugin
if (!function_exists('uservalidationbyemail_get_unvalidated_users_sql_where')) {
return;
}
$time_created = strtotime("-1 months");
elgg_set_ignore_access(true);
access_show_hidden_entities(true);
// only delete old ones.
$wheres = uservalidationbyemail_get_unvalidated_users_sql_where();
$wheres[] = "e.time_created < {$time_created}";
$options = array('type' => 'user', 'wheres' => $wheres, 'limit' => 50);
$entities = elgg_get_entities($options);
foreach ($entities as $entity) {
$entity->delete();
}
elgg_set_ignore_access(false);
}
public function process($end_ts)
{
_elgg_services()->access->setIgnoreAccess(true);
access_show_hidden_entities(true);
while (time() < $end_ts) {
$user = $this->queue->dequeue();
// end of queue
if ($user === null) {
return;
}
// don't break on bad data
if (!$user instanceof \ElggUser) {
echo "Guid: {$user->guid}. Expected ElggUser, got {$user->type}<br />\n";
return false;
}
echo "Deleting user {$user->username} ({$user->email}, {$user->guid})<br />\n";
$user->delete();
}
}
/**
* Handle requests to /welcome/
*
* @param array $page Page segments
*
* @return boolean
*/
function welcome_page_handler($page)
{
// User validation by email has disabled the user so we need to
// explicitly include hidden entities in the database query
$hidden_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
$user = get_user($page[0]);
// Set hidden entity status back to normal
access_show_hidden_entities($hidden_status);
if (!$user) {
forward();
}
set_input('guid', $user->guid);
$base = elgg_get_plugins_path() . 'welcome/pages/';
switch ($page[0]) {
default:
include $base . '/welcome.php';
break;
}
return true;
}
/**
* Listen to the upgrade event
*
* @param string $event name of the event
* @param string $type type of the event
* @param null $object supplied object
*
* @return void
*/
function content_subscriptions_upgrade_system_handler($event, $type, $object)
{
// Upgrade also possible hidden entities. This feature get run
// by an administrator so there's no need to ignore access.
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
// register an upgrade script
$options = array("type" => "user", "relationship" => CONTENT_SUBSCRIPTIONS_SUBSCRIPTION, "inverse_relationship" => true, "count" => true);
$count = elgg_get_entities_from_relationship($options);
if ($count) {
$path = "admin/upgrades/content_subscriptions";
$upgrade = new ElggUpgrade();
if (!$upgrade->getUpgradeFromPath($path)) {
$upgrade->setPath($path);
$upgrade->title = "Content Subscription upgrade";
$upgrade->description = "The way content subscriptions are handled has changed. Run this script to make sure all content subscriptions are migrated.";
$upgrade->save();
}
}
access_show_hidden_entities($access_status);
}
/**
* Listen to the upgrade event to make sure upgrades can be run
*
* @param string $event the name of the event
* @param string $type the type of the event
* @param null $object nothing
*
* @return void
*/
function thewire_tools_upgrade_system_event_handler($event, $type, $object)
{
// Upgrade also possible hidden entities. This feature get run
// by an administrator so there's no need to ignore access.
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
// register an upgrade script
$options = array("type" => "user", "plugin_id" => "thewire_tools", "plugin_user_setting_name" => "notify_mention", "count" => true);
$count = elgg_get_entities_from_plugin_user_settings($options);
if ($count) {
$path = "admin/upgrades/thewire_tools_mentions";
$upgrade = new ElggUpgrade();
if (!$upgrade->getUpgradeFromPath($path)) {
$upgrade->setPath($path);
$upgrade->title = "TheWire Tools mentions upgrade";
$upgrade->description = "The way mention notifications are handled has changed. Run this script to make sure all settings are migrated.";
$upgrade->save();
}
}
access_show_hidden_entities($access_status);
}
/**
* Listen to the upgrade event, to register a script
*
* @param string $event name of the event
* @param string $type type of the event
* @param null $object supplied object
*
* @return void
*/
public static function registerScript($event, $type, $object)
{
// Upgrade also possible hidden entities. This feature get run
// by an administrator so there's no need to ignore access.
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
// register an upgrade script
$options = array('type' => 'user', 'relationship' => CONTENT_SUBSCRIPTIONS_SUBSCRIPTION, 'inverse_relationship' => true, 'count' => true);
$count = elgg_get_entities_from_relationship($options);
if ($count) {
$path = 'admin/upgrades/content_subscriptions';
$upgrade = new \ElggUpgrade();
if (!$upgrade->getUpgradeFromPath($path)) {
$upgrade->setPath($path);
$upgrade->title = 'Content Subscription upgrade';
$upgrade->description = 'The way content subscriptions are handled has changed.
Run this script to make sure all content subscriptions are migrated.';
$upgrade->save();
}
}
access_show_hidden_entities($access_status);
}
/**
*
* Disable a new user pending email verification
*
* @param type $hook
* @param type $type
* @param type $return
* @param type $params
* @return type
*/
function disable_new_user($hook, $type, $value, $params)
{
$user = elgg_extract('user', $params);
if (!elgg_get_plugin_setting('email_validate', PLUGIN_ID)) {
return;
}
// no clue what's going on, so don't react.
if (!$user instanceof \ElggUser) {
return;
}
// another plugin is requesting that registration be terminated
// no need for uservalidationbyemail
if (!$value) {
return $value;
}
// has the user already been validated?
if (elgg_get_user_validation_status($user->guid) == true) {
return $value;
}
// disable user to prevent showing up on the site
// set context so our canEdit() override works
elgg_push_context('stormpath_new_user');
$hidden_entities = access_get_show_hidden_status();
access_show_hidden_entities(TRUE);
// Don't do a recursive disable. Any entities owned by the user at this point
// are products of plugins that hook into create user and might need
// access to the entities.
// @todo That ^ sounds like a specific case...would be nice to track it down...
$user->disable('stormpath_new_user', FALSE);
// set user as unvalidated and send out validation email
elgg_set_user_validation_status($user->guid, FALSE);
// trigger the stormpath email validation
elgg_pop_context();
access_show_hidden_entities($hidden_entities);
return $value;
}
/**
* Ensure that \ElggBatch doesn't go into infinite loop when disabling annotations recursively when show hidden is enabled.
*
* https://github.com/Elgg/Elgg/issues/5952
*/
public function test_disabling_annotations_infinite_loop()
{
//let's have some entity
$group = new \ElggGroup();
$group->name = 'test_group';
$group->access_id = ACCESS_PUBLIC;
$this->assertTrue($group->save() !== false);
$total = 51;
//add some annotations
for ($cnt = 0; $cnt < $total; $cnt++) {
$group->annotate('test_annotation', 'value_' . $total);
}
//disable them
$show_hidden = access_get_show_hidden_status();
access_show_hidden_entities(true);
$options = array('guid' => $group->guid, 'limit' => $total);
elgg_disable_annotations($options);
access_show_hidden_entities($show_hidden);
//confirm all being disabled
$annotations = $group->getAnnotations(array('limit' => $total));
foreach ($annotations as $annotation) {
$this->assertTrue($annotation->enabled == 'no');
}
//delete group and annotations
$group->delete();
}
}
} else {
// user not found so invite based on email address
$invite_result = group_tools_invite_email($group, $email, $text, $resend);
if ($invite_result === true) {
$invited++;
} elseif ($invite_result === null) {
$already_invited++;
}
}
}
}
}
}
// restore hidden users
access_show_hidden_entities($hidden);
// which message to show
if (!empty($invited) || !empty($join)) {
elgg_clear_sticky_form('group_invite');
if (!$adding) {
system_message(elgg_echo("group_tools:action:invite:success:invite", array($invited, $already_invited, $member)));
} else {
system_message(elgg_echo("group_tools:action:invite:success:add", array($join, $already_invited, $member)));
}
} else {
if (!$adding) {
register_error(elgg_echo("group_tools:action:invite:error:invite", array($already_invited, $member)));
} else {
register_error(elgg_echo("group_tools:action:invite:error:add", array($already_invited, $member)));
}
}
function elgg_solr_get_system_count($options, $starttime, $endtime)
{
$options['wheres'] = array("e.time_created >= {$starttime}", "e.time_created <= {$endtime}");
$options['count'] = true;
$access = access_get_show_hidden_status();
access_show_hidden_entities(true);
$count = elgg_get_entities($options);
access_show_hidden_entities($access);
return $count;
}
break;
}
});
// Delete messages from a user who is being deleted
// TODO(ewinslow): Move to Elgg core??
elgg_register_event_handler('delete', 'user', function ($event, $type, $user) {
// make sure we delete them all
$entity_disable_override = access_get_show_hidden_status();
access_show_hidden_entities(true);
$messages = elgg_get_entities_from_metadata(array('type' => 'object', 'subtype' => 'messages', 'metadata_name' => 'fromId', 'metadata_value' => $user->getGUID(), 'limit' => 0));
if ($messages) {
foreach ($messages as $e) {
$e->delete();
}
}
access_show_hidden_entities($entity_disable_override);
});
// convert messageboard to private message interface
elgg_register_widget_type('messageboard', elgg_echo("customizations:widget:pm"), elgg_echo("customizations:widget:pm:desc"), array("profile"));
// Forward to referrer if posting PM from a widget
elgg_register_plugin_hook_handler('forward', 'system', function () {
if (get_input('pm_widget') == true) {
return $_SERVER['HTTP_REFERER'];
}
});
// do not want the pages link in hover menu
elgg_unextend_view('profile/menu/links', 'pages/menu');
// button for flushing apc cache
elgg_register_plugin_hook_handler('register', 'menu:admin_control_panel', function ($hook, $type, $menu, $params) {
$options = array('name' => 'flush_apc', 'text' => elgg_echo('apc:flush'), 'href' => 'action/admin/flush_apc', 'is_action' => true, 'link_class' => 'elgg-button elgg-button-action');
$menu[] = ElggMenuItem::factory($options);
*
* Register comment subtype and add ElggUpgrade for ajax upgrade.
*
* We do not migrate comments in this upgrade. See the comment
* upgrade action in actions/admin/upgrades/upgrade_comments.php for that.
*/
// Register subtype and class for comments
if (get_subtype_id('object', 'comment')) {
update_subtype('object', 'comment', 'ElggComment');
} else {
add_subtype('object', 'comment', 'ElggComment');
}
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
$ia = elgg_set_ignore_access(true);
// add ElggUpgrade object if need to migrate comments
$options = array('annotation_names' => 'generic_comment', 'order_by' => 'n_table.id DESC', 'count' => true);
if (elgg_get_annotations($options)) {
$url = "admin/upgrades/comments";
$upgrade = new ElggUpgrade();
// Create the upgrade if one with the same URL doesn't already exist
if (!$upgrade->getUpgradeFromURL($url)) {
$upgrade->setURL($url);
$upgrade->title = 'Comments Upgrade';
$upgrade->description = 'Comments have been improved in Elgg 1.9 and require a migration. Run this upgrade to complete the migration.';
$upgrade->save();
}
}
elgg_set_ignore_access($ia);
access_show_hidden_entities($access_status);
/**
* Deletes the entity.
*
* Removes the entity and its metadata, annotations, relationships,
* river entries, and private data.
*
* Optionally can remove entities contained and owned by this entity.
*
* @warning If deleting recursively, this bypasses ownership of items contained by
* the entity. That means that if the container_guid = $this->guid, the item will
* be deleted regardless of who owns it.
*
* @param bool $recursive If true (default) then all entities which are
* owned or contained by $this will also be deleted.
*
* @return bool
*/
public function delete($recursive = true)
{
$guid = $this->guid;
if (!$guid) {
return false;
}
// first check if we can delete this entity
// NOTE: in Elgg <= 1.10.3 this was after the delete event,
// which could potentially remove some content if the user didn't have access
if (!$this->canDelete()) {
return false;
}
// now trigger an event to let others know this entity is about to be deleted
// so they can prevent it or take their own actions
if (!_elgg_services()->events->trigger('delete', $this->type, $this)) {
return false;
}
if ($this instanceof ElggUser) {
// ban to prevent using the site during delete
_elgg_services()->usersTable->markBanned($this->guid, true);
}
// Delete contained owned and otherwise releated objects (depth first)
if ($recursive) {
// Temporarily overriding access controls
$entity_disable_override = access_get_show_hidden_status();
access_show_hidden_entities(true);
$ia = elgg_set_ignore_access(true);
// @todo there was logic in the original code that ignored
// entities with owner or container guids of themselves.
// this should probably be prevented in \ElggEntity instead of checked for here
$options = array('wheres' => array("((container_guid = {$guid} OR owner_guid = {$guid})" . " AND guid != {$guid})"), 'limit' => 0);
$batch = new \ElggBatch('elgg_get_entities', $options);
$batch->setIncrementOffset(false);
foreach ($batch as $e) {
$e->delete(true);
}
access_show_hidden_entities($entity_disable_override);
elgg_set_ignore_access($ia);
}
$entity_disable_override = access_get_show_hidden_status();
access_show_hidden_entities(true);
$ia = elgg_set_ignore_access(true);
// Now delete the entity itself
$this->deleteMetadata();
$this->deleteOwnedMetadata();
$this->deleteAnnotations();
$this->deleteOwnedAnnotations();
$this->deleteRelationships();
$this->deleteAccessCollectionMemberships();
$this->deleteOwnedAccessCollections();
access_show_hidden_entities($entity_disable_override);
elgg_set_ignore_access($ia);
_elgg_delete_river(array('subject_guid' => $guid));
_elgg_delete_river(array('object_guid' => $guid));
_elgg_delete_river(array('target_guid' => $guid));
remove_all_private_settings($guid);
_elgg_invalidate_cache_for_entity($guid);
_elgg_invalidate_memcache_for_entity($guid);
$dbprefix = elgg_get_config('dbprefix');
$sql = "\n\t\t\tDELETE FROM {$dbprefix}entities\n\t\t\tWHERE guid = :guid\n\t\t";
$params = [':guid' => $guid];
$deleted = $this->getDatabase()->deleteData($sql, $params);
if ($deleted && in_array($this->type, ['object', 'user', 'group', 'site'])) {
// delete from type-specific subtable
$sql = "\n\t\t\t\tDELETE FROM {$dbprefix}{$this->type}s_entity\n\t\t\t\tWHERE guid = :guid\n\t\t\t";
$this->getDatabase()->deleteData($sql, $params);
}
_elgg_clear_entity_files($this);
return (bool) $deleted;
}
/**
* Prevent a manual code login with login().
*
* @param string $event
* @param string $type
* @param ElggUser $user
* @return bool
*
* @throws LoginException
*/
function uservalidationbyemail_check_manual_login($event, $type, $user)
{
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(TRUE);
if ($user instanceof ElggUser && !$user->isEnabled() && !$user->validated) {
// send new validation email
uservalidationbyemail_request_validation($user->getGUID());
// restore hidden entities settings
access_show_hidden_entities($access_status);
// throw error so we get a nice error message
throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
}
access_show_hidden_entities($access_status);
}
/**
* Set a user's username
* Returns null if no change is required or input is not present in the form
* Returns true or false indicating success or failure if change was needed
*
* @return bool|void
*
* @since 3.0
*
* @access private
*/
function _elgg_set_user_username()
{
$username = get_input('username');
$user_guid = get_input('guid');
if (!isset($username)) {
return;
}
if (!elgg_is_admin_logged_in()) {
return;
}
$user = get_user($user_guid);
if (empty($user)) {
return;
}
if ($user->username === $username) {
return;
}
// check if username is valid and does not exist
try {
if (validate_username($username)) {
$found = false;
// make sure we can check every user (even unvalidated)
$hidden = access_show_hidden_entities(true);
if (get_user_by_username($username)) {
$found = true;
}
// restore access settings
access_show_hidden_entities($hidden);
if ($found) {
register_error(elgg_echo('registration:userexists'));
return false;
}
}
} catch (Exception $e) {
register_error($e->getMessage());
return false;
}
$user->username = $username;
if ($user->save()) {
// correctly forward after after a username change
elgg_register_plugin_hook_handler('forward', 'all', function () use($username) {
return "settings/user/{$username}";
});
system_message(elgg_echo('user:username:success'));
return true;
}
register_error(elgg_echo('user:username:fail'));
return false;
}
