Beispiel #1
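/**
 * Updates the LCC of the currently logged in user.
 *
 * The value is treated as untrusted input: only an integer, or a string made
 * up solely of decimal digits (surrounding whitespace allowed), is accepted.
 * Arrays, "5abc", "12.7" and similar values are rejected rather than being
 * silently coerced by intval() into a number the user never typed.
 *
 * @param (mixed) $new_lcc The new LCC for the user.
 * @return (array) An array with indices `status` and `message`,
 *                 containing the status code and description of
 *                 the result of the operation. `message` is an HTML
 *                 fragment (the error variants embed a mailto link).
 */
function update_current_user_lcc($new_lcc)
{
    // Check that the LCC is a whole number and between 0 and 100 exclusive.
    // intval() alone would turn a non-empty array into 1 and "5abc" into 5,
    // so the shape of the input is checked before any conversion.
    if (is_int($new_lcc)) {
        $lcc_is_valid = true;
    } elseif (is_string($new_lcc) && ctype_digit(trim($new_lcc))) {
        $new_lcc = intval(trim($new_lcc), 10);
        $lcc_is_valid = true;
    } else {
        $lcc_is_valid = false;
    }
    if (!$lcc_is_valid || $new_lcc <= 0 || $new_lcc >= 100) {
        $message = "Your LCC should be a number between 0 and 100. If your's isn't, ";
        $message .= "<a href=\"mailto:" . TECHSTAFF_EMAIL . "\">let our tech staff know</a> ";
        $message .= "and we'll update it!";
        return array('status' => STATUS_ERROR, 'message' => $message);
    }
    // Get the CIF user; the identity comes from the server environment, not from the form
    $cif_user = new CifUser($_SERVER['REDIRECT_WEBAUTH_USER']);
    // Check that the new LCC is different from the current one
    // (loose comparison on purpose: the stored value may be a numeric string)
    if ($new_lcc == $cif_user->lcc) {
        return array('status' => STATUS_OK, 'message' => "You entered the same LCC that we have on record, so nothing was updated.");
    }
    try {
        $cif_user->update('lcc', $new_lcc);
        return array('status' => STATUS_OK, 'message' => "Your LCC's been updated!");
    } catch (Exception $e) {
        // The message is emitted as HTML, so the exception text is escaped before
        // being embedded next to the mailto link.
        // NOTE(review): the raw exception text is still shown to the end user;
        // confirm it cannot carry backend details that should stay in the logs.
        $message = htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
        $message .= ". Either something's down or there was a hiccup. ";
        $message .= "You should <a href=\"mailto:" . TECHSTAFF_EMAIL . "\">contact tech staff</a> ";
        $message .= "if this keeps happening for you.";
        return array('status' => STATUS_ERROR, 'message' => $message);
    }
}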
Beispiel #2
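/**
 * Updates the password of the currently logged in user.
 *
 * The user is taken from $_SERVER['REDIRECT_WEBAUTH_USER']. The two password
 * arguments must be identical and the password must pass is_secure_password()
 * before change_password() is called.
 *
 * @param (mixed) $new_password The new password for the user.
 * @param (mixed) $new_password_again Confirmation of the new password for the user.
 * @return (array) An array with indices `status`, `message`, and `reasons`
 *                 containing the status code and description of the result of the operation,
 *                 and the value returned by is_secure_password() (null when the
 *                 operation failed before validation ran).
 */
function update_current_user_password($new_password, $new_password_again)
{
    // Defined up front so the failure path can read it even when an exception
    // is thrown before validation runs (previously an undefined variable).
    $errors = null;
    try {
        $cif_user = new CifUser($_SERVER['REDIRECT_WEBAUTH_USER']);
        if ($new_password !== $new_password_again) {
            throw new Exception("The passwords you entered didn't match.");
        }
        // Validate the password
        $errors = is_secure_password($new_password, 'Sorry, but your password needs');
        if ($errors) {
            // NOTE(review): Exception needs a string message; confirm that
            // is_secure_password() returns a string and not an array of reasons.
            throw new Exception($errors);
        }
        // Change the user's password
        $cif_user->change_password($new_password);
        return array('status' => STATUS_OK, 'message' => "Your password was changed.", 'reasons' => $errors);
    } catch (Exception $e) {
        $error_message = $e->getMessage();
    }
    // If execution reaches this point, something went wrong
    // If the password was valid, log the results of this failed operation
    if (isset($errors) && !$errors) {
        // The original wrote undefined $cifid / $log here. The log file is now named
        // after the authenticated user, reduced to characters that are safe in a file name.
        // NOTE(review): presumably get_log() is the intended content, as in the other
        // account code; confirm it never records the plaintext password.
        $log_name = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) $_SERVER['REDIRECT_WEBAUTH_USER']);
        file_put_contents(LOG_DIR . $log_name, $cif_user->get_log(), FILE_APPEND);
    }
    return array('status' => STATUS_ERROR, 'message' => $error_message, 'reasons' => $errors);
}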
Beispiel #3
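 /**
  * Authenticates through Kerberos for privileged permissions.
  * This also creates the LDAP test group and our CIF user.
  *
  * If the user cannot be created, any available user log is printed and the
  * test run is failed with the exception's message.
  */
 public static function setUpBeforeClass()
 {
     // Authenticate as a privileged user through Kerberos
     self::$kerberos = new CifKerberos();
     // NOTE(review): this connects with the admin database credentials; confirm the
     // DATABASE_* constants point at a test instance when this suite runs.
     self::$database = new CifMysql(DATABASE_HOSTNAME, DATABASE_ADMIN_USER, DATABASE_ADMIN_PASSWORD);
     self::$ldap = CifLdap::get_connection();
     // Create an LDAP test group
     self::$ldap->create_group(self::$test_group);
     try {
         // Create the CIF user from our desired attributes
         self::$user = CifUser::create_from(self::get_properties(), self::$password);
     } catch (Exception $e) {
         // When create_from() throws, self::$user was never assigned, so only
         // print the log if an object is actually there.
         if (is_object(self::$user)) {
             echo "\n" . self::$user->get_log();
         }
         // $this does not exist in a static method; fail() is called statically.
         // NOTE(review): assumes the class inherits a static fail() (as PHPUnit's TestCase provides).
         self::fail($e->getMessage());
     }
 }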
Beispiel #4
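/**
 * Creates or resets the account for the given user.
 *
 * Sends notification emails rendered with Twig, appends the user's log to a
 * file under LOG_DIR, and keeps running if the client disconnects.
 *
 * @param string $netid The user's University of Rochester NetID.
 * @param string $password The user's NetID password.
 * @param mixed $lcc The user's LCC.
 * @return array An associative array with indices "status" and "message".
 * When "status" is STATUS_OK, an "info" key is also returned; it holds the
 * "user_existed", "has_lab_access", and "lcc" values.
 */
function create_account($netid, $password, $lcc)
{
    // We'll be using Twig to render email templates
    global $twig;
    // Continue running this script even if the client disconnects
    ignore_user_abort(true);
    // $netid is typed in by the user and is used below in a file name and a mail
    // subject. Anything other than letters, digits, "_" and "-" is replaced so the
    // value cannot leave LOG_DIR or add line breaks to the subject.
    // NOTE(review): assumes real NetIDs only contain these characters - confirm.
    $safe_netid = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) $netid);
    $log_path = LOG_DIR . $safe_netid;
    try {
        $user_existed = CifUser::user_exists($netid);
        $cif_user = CifUser::create($netid, $password, $lcc);
        if ($user_existed) {
            $has_lab_access = $cif_user->is_a_member_of(LAB_ACCESS_GROUP);
            // Send a reset email if the user reset their account
            $message = $twig->render('email/account-reset.html', array('has_lab_access' => $has_lab_access, 'old_lcc' => $lcc, 'new_lcc' => $cif_user->lcc));
            mail($cif_user->email, 'Your CIF account was reset', $message, EMAIL_HEADER);
        } else {
            // Give new users lab access
            // TODO Should still support an access list to pre-set access for users who do not yet exist;
            // TODO (cont) such a list must be synced between dev and prod
            $cif_user->join_group(LAB_ACCESS_GROUP);
            $has_lab_access = $cif_user->is_a_member_of(LAB_ACCESS_GROUP);
            // Send an account creation email to board
            $message = $twig->render('email/account-creation-notification.html', array('full_name' => $cif_user->full_name, 'email' => $cif_user->email, 'year' => $cif_user->year));
            mail(BOARD_EMAIL, "CIF account created for {$cif_user->full_name}", $message, EMAIL_HEADER);
            // Send a welcome email to the new user
            $message = $twig->render('email/welcome.html', array('first_name' => $cif_user->first_name, 'has_lab_access' => $has_lab_access, 'lcc' => $lcc));
            mail($cif_user->email, 'Your CIF account was created!', $message, EMAIL_HEADER);
        }
        // Write the log to disk
        // NOTE(review): confirm get_log() never contains the plaintext password.
        file_put_contents($log_path, $cif_user->get_log(), FILE_APPEND);
        return array('status' => STATUS_OK, 'message' => "Your account was successfully " . ($user_existed ? 'reset' : 'created') . "!", 'info' => array('user_existed' => $user_existed, 'has_lab_access' => $has_lab_access, 'lcc' => $cif_user->lcc));
    } catch (PasswordException $pe) {
        return array('status' => STATUS_AUTH_ERROR, 'message' => "The NetID or password you entered seem to be incorrect.");
    } catch (Exception $e) {
        // Alert the tech directors if a log can be written
        if (isset($cif_user)) {
            // Write the log to disk
            file_put_contents($log_path, $cif_user->get_log(), FILE_APPEND);
            $subject = 'CIF Account ' . ($user_existed ? 'Reset' : 'Creation') . " Failed ({$safe_netid})";
            $message = "This is a notice to check " . $log_path . " for the reason of failure.";
            mail(TECHDIRECTOR_EMAIL, $subject, $message);
        }
        // NOTE(review): the raw exception message goes back to the caller; confirm
        // it is safe to display and is escaped wherever it is rendered.
        return array('status' => STATUS_ERROR, 'message' => $e->getMessage());
    }
}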
Beispiel #5
 /**
  * Builds a CifUser for the given University credentials.
  *
  * The NetID is trimmed and lower-cased, the credentials are used to open a
  * UniversityLdap connection, and the attributes read from it (plus the
  * supplied LCC) are handed to CifUser::create_from() together with the password.
  *
  * According to the existing documentation of this method, an account that
  * already exists in CIF LDAP is left alone, a missing one is initialized from
  * University LDAP data, and an AFS volume is created for the user's file
  * storage if they have none; that work is not visible in this method itself.
  *
  * @param string $netid The user's netID.
  * @param string $password The user's password, necessary for connecting to University LDAP.
  * @param int $lcc The user's LCC.
  * @return CifUser A CifUser object for the newly created user.
  * @throws PasswordException When the UniversityLdap connection cannot be set up;
  *                           any Exception from it is reported this way, whatever its cause.
  */
 public static function create($netid, $password, $lcc)
 {
     $clean_netid = strtolower(trim($netid));
     $lcc_value = (int) $lcc;

     try {
         $university_directory = new UniversityLdap($clean_netid, $password);
     } catch (Exception $e) {
         throw new PasswordException('Unable to connect to University servers. Bad username/password?');
     }

     $user_attributes = self::parse_attributes($university_directory->get_attributes(), 'UniversityLdap');
     // University LDAP does not provide the LCC, so it is filled in from the argument
     $user_attributes['lcc'] = $lcc_value;

     // NOTE(review): the plaintext password is passed on to create_from();
     // confirm it is not written to the user log there.
     return CifUser::create_from($user_attributes, $password);
 }
Beispiel #6
<?php

/**
 * Main page. Contains modules for the user's account information,
 * LCC and password change forms, and other CIF account service modules
 * such as file storage and web hosting.
 */
require_once 'panel-config.php';
require_once 'lib/CifUser.php';
require_once 'lib/utility.php';
// Get the CIF user; the identity is read from the REDIRECT_WEBAUTH_USER server
// variable rather than from anything in the submitted form.
// NOTE(review): presumably set by the WebAuth layer in front of this page - confirm
// it is always present here and cannot be supplied by the client.
$cif_user = new CifUser($_SERVER['REDIRECT_WEBAUTH_USER']);
$has_lab_access = $cif_user->is_a_member_of(LAB_ACCESS_GROUP);
// Per-form state for the template: 'submitted' plus, once handled, 'status' and 'message'
$forms = array();
// If the LCC change form was submitted, handle it.
// Only members of LAB_ACCESS_GROUP get their LCC submission processed.
// NOTE(review): was_submitted() is defined elsewhere; confirm it verifies an
// anti-CSRF token, since this request changes account state.
$forms['lcc'] = array('submitted' => false);
if ($has_lab_access && was_submitted('update_lcc') && isset($_POST['new_lcc'])) {
    require_once 'lib/lcc.php';
    // The raw POST value is handed over without any validation at this point
    $result = update_current_user_lcc($_POST['new_lcc']);
    $forms['lcc']['submitted'] = true;
    $forms['lcc']['status'] = $result['status'];
    $forms['lcc']['message'] = $result['message'];
}
// If the password change form was submitted, handle it
$forms['password'] = array('submitted' => false);
if (was_submitted('update_password') && isset($_POST['new_password']) && isset($_POST['new_password_confirmation'])) {
    require_once 'lib/password.php';
    $result = update_current_user_password($_POST['new_password'], $_POST['new_password_confirmation']);
    $forms['password']['submitted'] = true;
    $forms['password']['status'] = $result['status'];
    $forms['password']['message'] = $result['message'];