$query = "UPDATE auth_user_md5 SET perms = 'autor' WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($user->id));
if ($statement->rowCount() == 0) {
$error = _('Fehler! Bitte wenden Sie sich an den Systemadministrator.');
$details = array($query);
$message = MessageBox::error($error, $details);
} else {
$success = _('Ihr Status wurde erfolgreich auf <em>autor</em> gesetzt.<br>
Damit dürfen Sie in den meisten Veranstaltungen schreiben, für die Sie sich anmelden.');
$details = array();
$details[] = _('Einige Veranstaltungen erfordern allerdings bei der Anmeldung die Eingabe eines Passwortes.
Dieses Passwort erfahren Sie von den Lehrenden der Veranstaltung.');
$message = MessageBox::success($success, $details);
// Auto-Inserts
AutoInsert::instance()->saveUser($user->id, "autor");
$auth->logout();
// einen Logout durchführen, um erneuten Login zu erzwingen
$info = sprintf(_('Die Statusänderung wird erst nach einem erneuten %sLogin%s wirksam!<br>
Deshalb wurden Sie jetzt automatisch ausgeloggt.'), '<a href="index.php?again=yes"><em>', '</em></a>');
$message .= MessageBox::info($info);
}
}
}
}
}
$template = $GLOBALS['template_factory']->open('email-validation');
$template->set_layout($GLOBALS['template_factory']->open('layouts/base_without_infobox'));
$template->message = $message;
echo $template->render();
page_close();
/**
* initialize a new user
*
* this method is invoked for one time, if a new user logs in ($this->is_new_user is true)
* place special treatment of new users here
*
* @access private
* @param
* User the user object
* @return bool
*/
function doNewUserInit($user)
{
// auto insertion of new users, according to $AUTO_INSERT_SEM[] (defined in local.inc)
AutoInsert::instance()->saveUser($user->id, $user->perms);
}
/**
* Imports a line of the table into the Stud.IP database if the check returns no errors.
* @param array $line : array of fields
* @return array : array('found' => true|false, 'errors' => "Error message", 'pk' => "primary key")
*/
public function importLine($line)
{
$plugin = $this->getPlugin();
$classname = $this['import_type'];
if (!$classname) {
return array();
}
$data = $this->getMappedData($line);
$pk = $this->getPrimaryKey($data);
//Last chance to quit:
$error = $this->checkLine($line, $data, $pk);
$output = array();
$object = new $classname($pk);
if (!$object->isNew()) {
$output['found'] = true;
$output['pk'] = $pk;
foreach ((array) $this['tabledata']['ignoreonupdate'] as $fieldname) {
unset($data[$fieldname]);
}
} else {
$output['found'] = false;
}
foreach ($data as $fieldname => $value) {
if ($value !== false && in_array($fieldname, $this->getTargetFields())) {
$object[$fieldname] = $value;
if ($classname === "User" && $fieldname === "password") {
$object[$fieldname] = UserManagement::getPwdHasher()->HashPassword($value);
}
}
}
if (method_exists($object, "getFullName")) {
$error['name'] = $output['name'] = $object->getFullName();
} elseif ($object->isField("name")) {
$error['name'] = $output['name'] = $object['name'];
} elseif ($object->isField("title")) {
$error['name'] = $output['name'] = $object['title'];
}
if ($error && $error['errors']) {
//exit here to have the name of the object in the log
return $error;
}
if ($plugin) {
$plugin->beforeUpdate($object, $line, $data);
}
$object->store();
$output['pk'] = (array) $object->getId();
//Dynamic special fields:
switch ($classname) {
case "Course":
//fleximport_dozenten
foreach ($data['fleximport_dozenten'] as $dozent_id) {
$seminar = new Seminar($object->getId());
$seminar->addMember($dozent_id, 'dozent');
}
//fleximport_related_institutes
if (!$data['fleximport_related_institutes']) {
$data['fleximport_related_institutes'] = array($object['institut_id']);
} else {
if (!in_array($object['institut_id'], $data['fleximport_related_institutes'])) {
$data['fleximport_related_institutes'][] = $object['institut_id'];
}
}
foreach ($data['fleximport_related_institutes'] as $institut_id) {
$insert = DBManager::get()->prepare("\n INSERT IGNORE INTO seminar_inst\n SET seminar_id = :seminar_id,\n institut_id = :institut_id\n ");
$insert->execute(array('seminar_id' => $object->getId(), 'institut_id' => $institut_id));
}
if ($this['tabledata']['simplematching']["fleximport_course_userdomains"]['column'] || in_array("fleximport_course_userdomains", $this->fieldsToBeDynamicallyMapped())) {
$statement = DBManager::get()->prepare("\n SELECT userdomain_id\n FROM seminar_userdomains\n WHERE seminar_id = ?\n ");
$statement->execute(array($object->getId()));
$olddomains = $statement->fetchAll(PDO::FETCH_COLUMN, 0);
foreach (array_diff($data['fleximport_user_inst'], $olddomains) as $to_add) {
$domain = new UserDomain($to_add);
$domain->addSeminar($object->getId());
}
foreach (array_diff($olddomains, $data['fleximport_user_inst']) as $to_remove) {
$domain = new UserDomain($to_remove);
$domain->removeSeminar($object->getId());
}
}
break;
case "User":
if ($this['tabledata']['simplematching']["fleximport_user_inst"]['column'] || in_array("fleximport_user_inst", $this->fieldsToBeDynamicallyMapped())) {
if ($object['perms'] !== "root") {
foreach ($data['fleximport_user_inst'] as $institut_id) {
$member = new InstituteMember(array($object->getId(), $institut_id));
$member['inst_perms'] = $object['perms'];
$member->store();
}
}
}
if ($this['tabledata']['simplematching']["fleximport_userdomains"]['column'] || in_array("fleximport_userdomains", $this->fieldsToBeDynamicallyMapped())) {
$olddomains = UserDomain::getUserDomainsForUser($object->getId());
foreach ($olddomains as $olddomain) {
if (!in_array($olddomain->getID(), (array) $data['fleximport_userdomains'])) {
$olddomain->removeUser($object->getId());
}
}
foreach ($data['fleximport_userdomains'] as $userdomain) {
$domain = new UserDomain($userdomain);
$domain->addUser($object->getId());
}
AutoInsert::instance()->saveUser($object->getId());
foreach ($data['fleximport_userdomains'] as $domain_id) {
if (!in_array($domain_id, $olddomains)) {
$welcome = FleximportConfig::get("USERDOMAIN_WELCOME_" . $domain_id);
if ($welcome) {
foreach ($object->toArray() as $field => $value) {
$welcome = str_replace("{{" . $field . "}}", $value, $welcome);
}
foreach ($line as $field => $value) {
$welcome = str_replace("{{" . $field . "}}", $value, $welcome);
}
if (strpos($welcome, "\n") === false) {
$subject = _("Willkommen!");
} else {
$subject = strstr($welcome, "\n", true);
$welcome = substr($welcome, strpos($welcome, "\n") + 1);
}
$messaging = new messaging();
$count = $messaging->insert_message($welcome, $object->username, '____%system%____', null, null, null, null, $subject, true, 'normal');
}
}
}
}
if ($this['tabledata']['simplematching']["fleximport_expiration_date"]['column'] || in_array("fleximport_expiration_date", $this->fieldsToBeDynamicallyMapped())) {
if ($data['fleximport_expiration_date']) {
UserConfig::get($object->getId())->store("EXPIRATION_DATE", $data['fleximport_expiration_date']);
} else {
UserConfig::get($object->getId())->delete("EXPIRATION_DATE");
}
}
if ($output['found'] === false && $data['fleximport_welcome_message'] !== "none") {
$user_language = getUserLanguagePath($object->getId());
setTempLanguage(false, $user_language);
if ($data['fleximport_welcome_message'] && FleximportConfig::get($data['fleximport_welcome_message'])) {
$message = FleximportConfig::get($data['fleximport_welcome_message']);
foreach ($data as $field => $value) {
$message = str_replace("{{" . $field . "}}", $value, $message);
}
foreach ($line as $field => $value) {
if (!in_array($field, $data)) {
$message = str_replace("{{" . $field . "}}", $value, $message);
}
}
if (strpos($message, "\n") === false) {
$subject = dgettext($user_language, "Anmeldung Stud.IP-System");
} else {
$subject = strstr($message, "\n", true);
$message = substr($message, strpos($message, "\n") + 1);
}
} else {
$Zeit = date("H:i:s, d.m.Y", time());
$this->user_data = array('auth_user_md5.username' => $object['username'], 'auth_user_md5.perms' => $object['perms'], 'auth_user_md5.Vorname' => $object['vorname'], 'auth_user_md5.Nachname' => $object['nachname'], 'auth_user_md5.Email' => $object['email']);
$password = $data['password'];
//this is the not hashed password in cleartext
include "locale/{$user_language}/LC_MAILS/create_mail.inc.php";
$message = $mailbody;
}
if ($message) {
$mail = new StudipMail();
$mail->addRecipient($object['email'], $object->getFullName());
$mail->setSubject($subject);
$mail->setBodyText($message);
$mail->setBodyHtml(formatReady($message));
if (Config::get()->MAILQUEUE_ENABLE) {
MailQueueEntry::add($mail);
} else {
$mail->send();
}
}
restoreLanguage();
}
break;
}
//Datafields:
$datafields = array();
switch ($classname) {
case "Course":
$datafields = Datafield::findBySQL("object_type = 'sem'");
break;
case "User":
$datafields = Datafield::findBySQL("object_type = 'user'");
break;
case "CourseMember":
$datafields = Datafield::findBySQL("object_type = 'usersemdata'");
break;
}
foreach ($datafields as $datafield) {
$fieldname = $datafield['name'];
if (isset($data[$fieldname])) {
$entry = new DatafieldEntryModel(array($datafield->getId(), $object->getId(), ""));
$entry['content'] = $data[$fieldname];
$entry->store();
}
}
if ($classname === "Course") {
if ($this['tabledata']['simplematching']["fleximport_studyarea"]['column'] || in_array("fleximport_studyarea", $this->fieldsToBeDynamicallyMapped())) {
//Studienbereiche:
$remove = DBManager::get()->prepare("\n DELETE FROM seminar_sem_tree\n WHERE seminar_id = :seminar_id\n ");
$remove->execute(array('seminar_id' => $object->getId()));
if ($GLOBALS['SEM_CLASS'][$GLOBALS['SEM_TYPE'][$data['status']]['class']]['bereiche']) {
foreach ($data['fleximport_studyarea'] as $sem_tree_id) {
$insert = DBManager::get()->prepare("\n INSERT IGNORE INTO seminar_sem_tree\n SET sem_tree_id = :sem_tree_id,\n seminar_id = :seminar_id\n ");
$insert->execute(array('sem_tree_id' => $sem_tree_id, 'seminar_id' => $object->getId()));
}
}
}
if ($this['tabledata']['simplematching']["fleximport_locked"]['column'] || in_array("fleximport_locked", $this->fieldsToBeDynamicallyMapped())) {
//Lock or unlock course
if ($data['fleximport_locked']) {
CourseSet::addCourseToSet(CourseSet::getGlobalLockedAdmissionSetId(), $object->getId());
} elseif (in_array($data['fleximport_locked'], array("0", 0)) && $data['fleximport_locked'] !== "") {
CourseSet::removeCourseFromSet(CourseSet::getGlobalLockedAdmissionSetId(), $object->getId());
}
}
$folder_exist = DBManager::get()->prepare("\n SELECT 1 FROM folder WHERE range_id = ?\n ");
$folder_exist->execute(array($object->getId()));
if (!$folder_exist->fetch()) {
$insert_folder = DBManager::get()->prepare("\n INSERT IGNORE INTO folder\n SET folder_id = MD5(CONCAT(:seminar_id, 'allgemeine_dateien')),\n range_id = :seminar_id,\n user_id = :user_id,\n name = :name,\n description = :description,\n mkdate = UNIX_TIMESTAMP(),\n chdate = UNIX_TIMESTAMP()\n ");
$insert_folder->execute(array('seminar_id' => $object->getId(), 'user_id' => $GLOBALS['user']->id, 'name' => _("Allgemeiner Dateiordner"), 'description' => _("Ablage für allgemeine Ordner und Dokumente der Veranstaltung")));
}
}
if ($plugin && !$object->isNew()) {
$plugin->afterUpdate($object, $line);
}
return $output;
}
/**
* Change an existing studip user according to the given parameters
*
* @access public
* @param array structure: array('string table_name.field_name'=>'string value')
* @return bool Change successful?
*/
function changeUser($newuser)
{
global $perm;
// Do we have permission to do so?
if (!$perm->have_perm("admin")) {
$this->msg .= "error§" . _("Sie haben keine Berechtigung Accounts zu verändern.") . "§";
return FALSE;
}
if (!$perm->is_fak_admin() && $newuser['auth_user_md5.perms'] == "admin") {
$this->msg .= "error§" . _("Sie haben keine Berechtigung, <em>Admin-Accounts</em> anzulegen.") . "§";
return FALSE;
}
if (!$perm->have_perm("root") && $newuser['auth_user_md5.perms'] == "root") {
$this->msg .= "error§" . _("Sie haben keine Berechtigung, <em>Root-Accounts</em> anzulegen.") . "§";
return FALSE;
}
if (!$perm->have_perm("root")) {
if (!$perm->is_fak_admin() && $this->user_data['auth_user_md5.perms'] == "admin") {
$this->msg .= "error§" . _("Sie haben keine Berechtigung <em>Admin-Accounts</em> zu verändern.") . "§";
return FALSE;
}
if ($this->user_data['auth_user_md5.perms'] == "root") {
$this->msg .= "error§" . _("Sie haben keine Berechtigung <em>Root-Accounts</em> zu verändern.") . "§";
return FALSE;
}
if ($perm->is_fak_admin() && $this->user_data['auth_user_md5.perms'] == "admin") {
if (!$this->adminOK()) {
$this->msg .= "error§" . _("Sie haben keine Berechtigung diesen Admin-Account zu verändern.") . "§";
return FALSE;
}
}
}
// active dozent? (ignore the studygroup guys)
$status = studygroup_sem_types();
if (empty($status)) {
$count = 0;
} else {
$query = "SELECT COUNT(*)\n FROM seminar_user AS su\n LEFT JOIN seminare AS s USING (Seminar_id)\n WHERE su.user_id = ?\n AND s.status NOT IN (?)\n AND su.status = 'dozent'\n AND (SELECT COUNT(*) FROM seminar_user su2 WHERE Seminar_id = su.Seminar_id AND su2.status = 'dozent') = 1\n GROUP BY user_id";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id'], $status));
$count = $statement->fetchColumn();
}
if ($count && isset($newuser['auth_user_md5.perms']) && $newuser['auth_user_md5.perms'] != "dozent") {
$this->msg .= sprintf("error§" . _("Der Benutzer <em>%s</em> ist alleiniger Dozent in %s aktiven Veranstaltungen und kann daher nicht in einen anderen Status versetzt werden!") . "§", $this->user_data['auth_user_md5.username'], $count);
return FALSE;
}
// active admin?
if ($this->user_data['auth_user_md5.perms'] == 'admin' && $newuser['auth_user_md5.perms'] != 'admin') {
// count number of institutes where the user is admin
$query = "SELECT COUNT(*)\n FROM user_inst\n WHERE user_id = ? AND inst_perms = 'admin'\n GROUP BY Institut_id";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
// if there are institutes with admin-perms, add error-message and deny change
if ($count = $statement->fetchColumn()) {
$this->msg .= sprintf('error§' . _("Der Benutzer <em>%s</em> ist Admin in %s Einrichtungen und kann daher nicht in einen anderen Status versetzt werden!") . '§', $this->user_data['auth_user_md5.username'], $count);
return false;
}
}
// Is the username correct?
if (isset($newuser['auth_user_md5.username'])) {
if ($this->user_data['auth_user_md5.username'] != $newuser['auth_user_md5.username']) {
if (!$this->validator->ValidateUsername($newuser['auth_user_md5.username'])) {
$this->msg .= "error§" . _("Der gewählte Benutzername ist zu kurz oder enthält unzulässige Zeichen!") . "§";
return FALSE;
}
$check_uname = StudipAuthAbstract::CheckUsername($newuser['auth_user_md5.username']);
if ($check_uname['found']) {
$this->msg .= "error§" . _("Der Benutzername wird bereits von einem anderen Benutzer verwendet. Bitte wählen Sie einen anderen Benutzernamen!") . "§";
return false;
} else {
//$this->msg .= "info§" . $check_uname['error'] ."§";
}
} else {
unset($newuser['auth_user_md5.username']);
}
}
// Can we reach the email?
if (isset($newuser['auth_user_md5.Email'])) {
if (!$this->checkMail($newuser['auth_user_md5.Email'])) {
return FALSE;
}
}
// Store changed values in internal array if allowed
$old_perms = $this->user_data['auth_user_md5.perms'];
$auth_plugin = $this->user_data['auth_user_md5.auth_plugin'];
foreach ($newuser as $key => $value) {
if (!StudipAuthAbstract::CheckField($key, $auth_plugin)) {
$this->user_data[$key] = $value;
} else {
$this->msg .= "error§" . sprintf(_("Das Feld <em>%s</em> können Sie nicht ändern!"), $key) . "§";
return FALSE;
}
}
if (!$this->storeToDatabase()) {
$this->msg .= "info§" . _("Es wurden keine Veränderungen der Grunddaten vorgenommen.") . "§";
return false;
}
$this->msg .= "msg§" . sprintf(_("Benutzer \"%s\" verändert."), $this->user_data['auth_user_md5.username']) . "§";
if ($auth_plugin !== null) {
// Automated entering new users, based on their status (perms)
$result = AutoInsert::instance()->saveUser($this->user_data['auth_user_md5.user_id'], $newuser['auth_user_md5.perms']);
foreach ($result['added'] as $item) {
$this->msg .= "msg§" . sprintf(_("Das automatische Eintragen in die Veranstaltung <em>%s</em> wurde durchgeführt."), $item) . "§";
}
foreach ($result['removed'] as $item) {
$this->msg .= "msg§" . sprintf(_("Das automatische Austragen aus der Veranstaltung <em>%s</em> wurde durchgeführt."), $item) . "§";
}
// include language-specific subject and mailbody
$user_language = getUserLanguagePath($this->user_data['auth_user_md5.user_id']);
$Zeit = date("H:i:s, d.m.Y", time());
include "locale/{$user_language}/LC_MAILS/change_mail.inc.php";
// send mail
StudipMail::sendMessage($this->user_data['auth_user_md5.Email'], $subject, $mailbody);
}
// Upgrade to admin or root?
if ($newuser['auth_user_md5.perms'] == "admin" || $newuser['auth_user_md5.perms'] == "root") {
$this->re_sort_position_in_seminar_user();
// delete all seminar entries
$query = "SELECT seminar_id FROM seminar_user WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
$seminar_ids = $statement->fetchAll(PDO::FETCH_COLUMN);
$query = "DELETE FROM seminar_user WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
if (($db_ar = $statement->rowCount()) > 0) {
$this->msg .= "info§" . sprintf(_("%s Einträge aus Veranstaltungen gelöscht."), $db_ar) . "§";
array_map('update_admission', $seminar_ids);
}
// delete all entries from waiting lists
$query = "SELECT seminar_id FROM admission_seminar_user WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
$seminar_ids = $statement->fetchAll(PDO::FETCH_COLUMN);
$query = "DELETE FROM admission_seminar_user WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
if (($db_ar = $statement->rowCount()) > 0) {
$this->msg .= "info§" . sprintf(_("%s Einträge aus Wartelisten gelöscht."), $db_ar) . "§";
array_map('update_admission', $seminar_ids);
}
// delete 'Studiengaenge'
$query = "DELETE FROM user_studiengang WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
if (($db_ar = $statement->rowCount()) > 0) {
$this->msg .= "info§" . sprintf(_("%s Zuordnungen zu Studiengängen gelöscht."), $db_ar) . "§";
}
// delete all private appointments of this user
if ($db_ar = delete_range_of_dates($this->user_data['auth_user_md5.user_id'], FALSE) > 0) {
$this->msg .= "info§" . sprintf(_("%s Einträge aus den Terminen gelöscht."), $db_ar) . "§";
}
}
if ($newuser['auth_user_md5.perms'] == "admin") {
$this->logInstUserDel($this->user_data['auth_user_md5.user_id'], "inst_perms != 'admin'");
$query = "DELETE FROM user_inst WHERE user_id = ? AND inst_perms != 'admin'";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
if (($db_ar = $statement->rowCount()) > 0) {
$this->msg .= "info§" . sprintf(_("%s Einträge aus MitarbeiterInnenlisten gelöscht."), $db_ar) . "§";
}
}
if ($newuser['auth_user_md5.perms'] == "root") {
$this->logInstUserDel($this->user_data['auth_user_md5.user_id']);
$query = "DELETE FROM user_inst WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
if (($db_ar = $statement->rowCount()) > 0) {
$this->msg .= "info§" . sprintf(_("%s Einträge aus MitarbeiterInnenlisten gelöscht."), $db_ar) . "§";
}
}
return TRUE;
}
