Beispiel #1
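 /**
  * Authenticates a user against the configured authentication backend. If the user is
  * unknown locally and the backend supports auto-creation, a local record is created
  * from backend data first. When the credential check fails, IP-based authentication
  * is tried as a fallback.
  *
  * This is an option-less authentication: either your login works or it doesn't.
  * Other apps implementing this interface may need to know what you're trying to do
  * in order to make a decision; $pa_options is an associative array of user handler-specific
  * keys and values that can contain such information.
  *
  * Security notes for callers and reviewers:
  * - The result is true, 2 or false. 2 means the request was accepted on the basis of
  *   its IP address, not the supplied credentials; compare strictly if the two cases
  *   must be treated differently, since a loose truthiness check accepts both.
  * - The IP fallback also runs when credentials were supplied and rejected, unless
  *   $pa_options['dont_check_ips'] is set.
  * - Auto-creation inserts the local record before AuthenticationManager::authenticate()
  *   is called. Whether getUserInfo() itself verifies the password is backend-specific
  *   and not visible here -- TODO confirm for each adapter.
  *
  * @param string     $ps_username User name. Passed by reference: overwritten with the stored
  *                                user_name when IP-based authentication succeeds.
  * @param string     $ps_password Password as entered by the user.
  * @param array|null $pa_options  Forwarded to AuthenticationManager::authenticate(); the only key
  *                                read here is "dont_check_ips".
  *
  * @return bool|int true on successful backend authentication, 2 on successful IP-based
  *                  authentication, false otherwise.
  */
 public function authenticate(&$ps_username, $ps_password = "", $pa_options = null)
 {
     // if user doesn't exist, try creating it through the authentication backend, if the backend supports it
     if (strlen($ps_username) > 0 && !$this->load($ps_username)) {
         if (AuthenticationManager::supports(__CA_AUTH_ADAPTER_FEATURE_AUTOCREATE_USERS__)) {
             try {
                 $va_values = AuthenticationManager::getUserInfo($ps_username, $ps_password);
             } catch (Exception $e) {
                 $this->opo_log->log(array('CODE' => 'SYS', 'SOURCE' => 'ca_users/authenticate', 'MESSAGE' => _t('There was an error while trying to fetch information for a new user from the current authentication backend. The message was %1 : %2', get_class($e), $e->getMessage())));
                 return false;
             }
             if (!is_array($va_values) || sizeof($va_values) < 1) {
                 return false;
             }
             // @todo: check sanity on values from plugins before inserting them?
             // Every key except 'roles' and 'groups' is written to the new record as-is, so the
             // backend adapter decides the initial value of each field it returns.
             // NOTE(review): 'preferences' is also passed to set() here although it is applied
             // separately below -- confirm set() ignores it.
             foreach ($va_values as $vs_k => $vs_v) {
                 // Field names are always strings. Skipping other keys keeps the strict
                 // comparison below from treating a numeric key differently across PHP versions.
                 if (!is_string($vs_k) || in_array($vs_k, array('roles', 'groups'), true)) {
                     continue;
                 }
                 $this->set($vs_k, $vs_v);
             }
             $vn_mode = $this->getMode();
             $this->setMode(ACCESS_WRITE);
             $this->insert();
             if (!$this->getPrimaryKey()) {
                 $this->setMode($vn_mode);
                 $this->opo_log->log(array('CODE' => 'SYS', 'SOURCE' => 'ca_users/authenticate', 'MESSAGE' => _t('User could not be created after getting info from authentication adapter. API message was: %1', join(" ", $this->getErrors()))));
                 return false;
             }
             // Group, role and preference data is optional in the adapter response; isset()
             // avoids undefined-index notices when a key is absent.
             if (isset($va_values['groups']) && is_array($va_values['groups']) && sizeof($va_values['groups']) > 0) {
                 $this->addToGroups($va_values['groups']);
             }
             if (isset($va_values['roles']) && is_array($va_values['roles']) && sizeof($va_values['roles']) > 0) {
                 $this->addRoles($va_values['roles']);
             }
             if (isset($va_values['preferences']) && is_array($va_values['preferences']) && sizeof($va_values['preferences']) > 0) {
                 foreach ($va_values['preferences'] as $vs_pref => $vs_pref_val) {
                     $this->setPreference($vs_pref, $vs_pref_val);
                 }
             }
             // NOTE(review): the result of update() is not checked; a failure here is silent.
             $this->update();
             // restore mode
             $this->setMode($vn_mode);
         }
     }
     if (AuthenticationManager::authenticate($ps_username, $ps_password, $pa_options)) {
         // reload so this instance reflects the authenticated user's stored record
         $this->load($ps_username);
         return true;
     }
     // check ips
     if (!isset($pa_options["dont_check_ips"]) || !$pa_options["dont_check_ips"]) {
         if ($vn_user_id = $this->ipAuthenticate()) {
             if ($this->load($vn_user_id)) {
                 // report back which account the IP address mapped to
                 $ps_username = $this->get("user_name");
                 return 2;
             }
         }
     }
     return false;
 }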
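 /**
  * Creates or updates a user record from the submitted admin form, then synchronises the
  * user's roles, groups and profile preferences, optionally sends the account activation
  * e-mail, and renders either the edit form (on errors) or the user list (on success).
  *
  * Security notes:
  * - Field values are read from $_REQUEST, which in PHP also carries query-string
  *   parameters; only fields named by getFormFields() are copied onto the record.
  * - NOTE(review): no permission check or request-token (CSRF) validation is visible in
  *   this method; presumably the controller or dispatcher enforces both -- confirm.
  * - Roles and groups are assigned directly from request parameters, so this action
  *   changes privileges and should be covered by whatever audit logging the model provides.
  *
  * @return void
  */
 public function Save()
 {
     AssetLoadManager::register('tableList');
     $t_user = $this->getUserObject();
     $this->opo_app_plugin_manager->hookBeforeUserSaveData(array('user_id' => $t_user->getPrimaryKey(), 'instance' => $t_user));
     // The flag is computed before the new values are applied, so "active" below is still the stored value.
     // NOTE(review): it is raised on any change of "active", including deactivation -- confirm intended.
     $vb_send_activation_email = false;
     if ($t_user->get("user_id") && $this->request->config->get("email_user_when_account_activated") && (isset($_REQUEST["active"]) ? $_REQUEST["active"] : null) != $t_user->get("active")) {
         $vb_send_activation_email = true;
     }
     $t_user->setMode(ACCESS_WRITE);
     foreach ($t_user->getFormFields() as $vs_f => $va_field_info) {
         // dont get/set password if backend doesn't support it
         if ($vs_f === 'password' && !AuthenticationManager::supports(__CA_AUTH_ADAPTER_FEATURE_UPDATE_PASSWORDS__)) {
             continue;
         }
         // A field missing from the request is still set (to null), as before; isset() only
         // avoids the undefined-index notice.
         $t_user->set($vs_f, isset($_REQUEST[$vs_f]) ? $_REQUEST[$vs_f] : null);
         if ($t_user->numErrors()) {
             $this->request->addActionErrors($t_user->errors(), 'field_' . $vs_f);
         }
     }
     if ($this->request->getParameter('entity_id', pInteger) == 0) {
         $t_user->set('entity_id', null);
     }
     if (AuthenticationManager::supports(__CA_AUTH_ADAPTER_FEATURE_UPDATE_PASSWORDS__)) {
         // Compare as strings with !==. A loose != treats two different numeric-looking
         // strings (e.g. "1e3" and "1000") as equal and would accept a mismatched confirmation.
         if ((string) $this->request->getParameter('password', pString) !== (string) $this->request->getParameter('password_confirm', pString)) {
             $this->request->addActionError(new ApplicationError(1050, _t("Password does not match confirmation. Please try again."), "administrate/UserController->Save()", '', false, false), 'field_password');
         }
     }
     // clear menu bar cache since changes may affect content
     AppNavigation::clearMenuBarCache($this->request);
     if ($this->request->numActionErrors() == 0) {
         if (!$t_user->getPrimaryKey()) {
             $t_user->insert();
             $vs_message = _t("Added user");
         } else {
             $t_user->update();
             $vs_message = _t("Saved changes to user");
         }
         $this->opo_app_plugin_manager->hookAfterUserSaveData(array('user_id' => $t_user->getPrimaryKey(), 'instance' => $t_user));
         if ($t_user->numErrors()) {
             foreach ($t_user->errors() as $o_e) {
                 $this->request->addActionError($o_e, 'general');
                 $this->notification->addNotification($o_e->getErrorDescription(), __NOTIFICATION_TYPE_ERROR__);
             }
         } else {
             // Save roles
             $va_set_user_roles = $this->request->getParameter('roles', pArray);
             if (!is_array($va_set_user_roles)) {
                 $va_set_user_roles = array();
             }
             $va_existing_user_roles = $t_user->getUserRoles();
             $va_role_list = $t_user->getRoleList();
             foreach ($va_role_list as $vn_role_id => $va_role_info) {
                 // Only ids present in the role list are acted on, so a submitted id that is not
                 // a known role is ignored. The membership test stays loose because list keys
                 // are integers while submitted ids arrive as strings.
                 $vb_has_role = !empty($va_existing_user_roles[$vn_role_id]);
                 $vb_wants_role = in_array($vn_role_id, $va_set_user_roles);
                 if ($vb_has_role && !$vb_wants_role) {
                     // remove role
                     $t_user->removeRoles($vn_role_id);
                 } elseif (!$vb_has_role && $vb_wants_role) {
                     // add role
                     $t_user->addRoles($vn_role_id);
                 }
             }
             // Save groups
             $va_set_user_groups = $this->request->getParameter('groups', pArray);
             if (!is_array($va_set_user_groups)) {
                 $va_set_user_groups = array();
             }
             $va_existing_user_groups = $t_user->getUserGroups();
             $va_group_list = $t_user->getGroupList();
             foreach ($va_group_list as $vn_group_id => $va_group_info) {
                 // same reconciliation as for roles above
                 $vb_in_group = !empty($va_existing_user_groups[$vn_group_id]);
                 $vb_wants_group = in_array($vn_group_id, $va_set_user_groups);
                 if ($vb_in_group && !$vb_wants_group) {
                     // remove group
                     $t_user->removeFromGroups($vn_group_id);
                 } elseif (!$vb_in_group && $vb_wants_group) {
                     // add group
                     $t_user->addToGroups($vn_group_id);
                 }
             }
             // Save profile prefs
             $va_profile_prefs = $t_user->getValidPreferences('profile');
             if (is_array($va_profile_prefs) && sizeof($va_profile_prefs)) {
                 $this->opo_app_plugin_manager->hookBeforeUserSavePrefs(array('user_id' => $t_user->getPrimaryKey(), 'instance' => $t_user));
                 $va_changed_prefs = array();
                 foreach ($va_profile_prefs as $vs_pref) {
                     if ($this->request->getParameter('pref_' . $vs_pref, pString) != $t_user->getPreference($vs_pref)) {
                         $va_changed_prefs[$vs_pref] = true;
                     }
                     $t_user->setPreference($vs_pref, $this->request->getParameter('pref_' . $vs_pref, pString));
                 }
                 $t_user->update();
                 $this->opo_app_plugin_manager->hookAfterUserSavePrefs(array('user_id' => $t_user->getPrimaryKey(), 'instance' => $t_user, 'modified_prefs' => $va_changed_prefs));
             }
             if ($vb_send_activation_email) {
                 # --- send email confirmation
                 $o_view = new View($this->request, array($this->request->getViewsDirectoryPath()));
                 # -- generate email subject line from template
                 $vs_subject_line = $o_view->render("mailTemplates/account_activation_subject.tpl");
                 # -- generate mail text from template - get both the text and the html versions
                 $vs_mail_message_text = $o_view->render("mailTemplates/account_activation.tpl");
                 $vs_mail_message_html = $o_view->render("mailTemplates/account_activation_html.tpl");
                 caSendmail($t_user->get('email'), $this->request->config->get("ca_admin_email"), $vs_subject_line, $vs_mail_message_text, $vs_mail_message_html);
             }
             $this->notification->addNotification($vs_message, __NOTIFICATION_TYPE_INFO__);
         }
     } else {
         $this->notification->addNotification(_t("Your entry has errors. See below for details."), __NOTIFICATION_TYPE_ERROR__);
     }
     if ($this->request->numActionErrors()) {
         $this->render('user_edit_html.php');
     } else {
         // success
         // If we are editing the user record of the currently logged in user
         // we have a problem: the request object flushes out changes to its own user object
         // for the logged-in user at the end of the request overwriting any changes we've made.
         //
         // To avoid this we check here to see if we're editing the currently logged-in
         // user and reload the request's copy if needed.
         if ($t_user->getPrimaryKey() == $this->request->user->getPrimaryKey()) {
             $this->request->user->load($t_user->getPrimaryKey());
         }
         $this->ListUsers();
     }
 }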
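 /**
  * Completes a password reset: checks the submitted reset token for the named user and,
  * if the two password fields agree, stores the new password and shows the login screen.
  *
  * Behaviour worth knowing when reviewing or monitoring this endpoint:
  * - An unknown user name and an invalid token both produce no output at all, so the
  *   response does not reveal which of the two checks failed.
  * - An empty new password is rejected here and the form is shown again.
  * - The success message is only shown when update() reported no errors; otherwise the
  *   model's error descriptions are shown and the form is rendered again.
  * - NOTE(review): nothing in this method invalidates the token after use or limits
  *   repeated attempts; presumably isValidToken() or the model handles that -- confirm.
  *
  * @return void
  */
 public function DoReset()
 {
     if (!AuthenticationManager::supports(__CA_AUTH_ADAPTER_FEATURE_RESET_PASSWORDS__)) {
         $this->Login();
         return;
     }
     $vs_token = $this->getRequest()->getParameter('token', pString);
     $vs_username = $this->getRequest()->getParameter('username', pString);
     $t_user = new ca_users();
     $vs_pw = $this->getRequest()->getParameter('password', pString);
     $vs_pw_check = $this->getRequest()->getParameter('password2', pString);
     // Same silent outcome for "no such user" and "bad token".
     if (!$t_user->load($vs_username) || !$t_user->isValidToken($vs_token)) {
         return;
     }
     $va_problems = array();
     if (strlen((string) $vs_pw) === 0) {
         // two empty fields compare equal, so without this check a blank password would be stored
         $va_problems[] = _t("Please enter a new password.");
     } elseif ($vs_pw !== $vs_pw_check) {
         // no password match
         $va_problems[] = _t("Passwords did not match. Please try again.");
     } else {
         $t_user->set('password', $vs_pw);
         $t_user->setMode(ACCESS_WRITE);
         $t_user->update();
         // Do not announce success if the model rejected the change.
         if ($t_user->numErrors()) {
             foreach ($t_user->errors() as $o_e) {
                 $va_problems[] = $o_e->getErrorDescription();
             }
         }
     }
     if (sizeof($va_problems) > 0) {
         foreach ($va_problems as $vs_problem) {
             $this->notification->addNotification($vs_problem, __NOTIFICATION_TYPE_ERROR__);
         }
         $this->view->setVar('notifications', $this->notification->getNotifications());
         // hand token and user name back to the form so the user can retry without a new link
         $this->view->setVar('renderForm', true);
         $this->view->setVar('token', $vs_token);
         $this->view->setVar('username', $vs_username);
         $this->render('password_reset_form_html.php');
         return;
     }
     $this->notification->addNotification(_t("Password was successfully changed. You can now log in with your new password."), __NOTIFICATION_TYPE_INFO__);
     $this->view->setVar('notifications', $this->notification->getNotifications());
     $this->Login();
 }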
Beispiel #4
print caFormSubmitButton($this->request, __CA_NAV_BUTTON_LOGIN__, _t("Login"), "login", array('icon_position' => __CA_NAV_BUTTON_ICON_POS_RIGHT__));
?>
</div>
						<script type="text/javascript">
							jQuery(document).ready(function() {
								var pdfInfo = caUI.utils.getAcrobatInfo();
								jQuery("#login").append(
									"<input type='hidden' name='_screen_width' value='"+ screen.width + "'/>" +
									"<input type='hidden' name='_screen_height' value='"+ screen.height + "'/>" +
									"<input type='hidden' name='_has_pdf_plugin' value='"+ ((pdfInfo && pdfInfo['acrobat'] && (pdfInfo['acrobat'] === 'installed')) ? 1 : 0) + "'/>"
								);
							});
						</script>
					</form>
<?php 
if (AuthenticationManager::supports(__CA_AUTH_ADAPTER_FEATURE_RESET_PASSWORDS__)) {
    ?>
					<div id="forgotLink"><?php 
    print caNavLink($this->request, _t("Forgot your password?"), 'forgotLink', 'system/auth', 'forgot', '');
    ?>
</div>
<?php 
} else {
    if ($vs_adapter_account_link = AuthenticationManager::getAccountManagementLink()) {
        ?>
	<div id="forgotLink"><a href="<?php 
        print $vs_adapter_account_link;
        ?>
" target="_blank"><?php 
        print _t("Manage your account");
        ?>