/**
* Stores a new password for a user.
*/
public function store_action()
{
$this->check_ticket();
$errors = array();
$hasher = UserManagement::getPwdHasher();
$password = Request::get('new_password');
$confirm = Request::get('new_password_confirm');
if (!($hasher->CheckPassword(md5(Request::get('password')), $this->user['password']) || $hasher->CheckPassword(Request::get('password'), $this->user['password']) || strlen($this->user['password']) == 32 && md5(Request::get('password')) == $this->user['password'])) {
$errors[] = _('Das aktuelle Passwort wurde nicht korrekt eingegeben.');
}
if (!$this->validator->ValidatePassword($password)) {
$errors[] = _('Das Passwort ist zu kurz - es sollte mindestens 4 Zeichen lang sein.');
} else {
if ($password !== $confirm) {
$errors[] = _('Die Wiederholung Ihres Passworts stimmt nicht mit Ihrer Eingabe überein.');
} else {
if ($password == $this->user['username']) {
$errors[] = _('Das Passwort darf nicht mit dem Nutzernamen übereinstimmen.');
} else {
if (str_replace(array('.', ' '), '', strtolower($password)) == 'studip') {
$errors[] = _('Aus Sicherheitsgründen darf das Passwort nicht "Stud.IP" oder eine Abwandlung davon sein.');
}
}
}
}
if (count($errors) > 0) {
$this->reportErrorWithDetails(_('Bitte überprüfen Sie Ihre Eingabe:'), $errors);
} else {
$this->user->password = $hasher->HashPassword($password);
if ($this->user->store()) {
$this->reportSuccess(_('Das Passwort wurde erfolgreich geändert.'));
}
}
$this->redirect('settings/password');
}
/**
*
*
*
* @access public
*
*/
function isAuthenticated($username, $password)
{
$user = User::findByUsername($username);
if (!$user || !$password || strlen($password) > 72) {
$this->error_msg = _("Ungültige Benutzername/Passwort-Kombination!");
return false;
} elseif ($user->username != $username) {
$this->error_msg = _("Bitte achten Sie auf korrekte Groß-Kleinschreibung beim Username!");
return false;
} elseif (!is_null($user->auth_plugin) && $user->auth_plugin != "standard") {
$this->error_msg = sprintf(_("Dieser Benutzername wird bereits über %s authentifiziert!"), $user->auth_plugin);
return false;
} else {
$pass = $user->password;
// Password is stored as a md5 hash
}
$hasher = UserManagement::getPwdHasher();
$old_style_check = strlen($pass) == 32 && md5($password) == $pass;
$migrated_check = $hasher->CheckPassword(md5($password), $pass);
$check = $hasher->CheckPassword($password, $pass);
if (!($check || $migrated_check || $old_style_check)) {
$this->error_msg = _("Das Passwort ist falsch!");
return false;
} else {
return true;
}
}
function up()
{
$db = DBManager::get();
$db->exec("ALTER TABLE `auth_user_md5` CHANGE `password` `password` VARBINARY( 64 ) NOT NULL DEFAULT ''");
$hasher = UserManagement::getPwdHasher();
$pwd_up = $db->prepare("UPDATE auth_user_md5 SET password=? WHERE user_id=?");
foreach($db->query("SELECT user_id,password FROM auth_user_md5 WHERE auth_plugin='standard' AND password <> ''") as $row) {
$new_pwd = $hasher->HashPassword($row['password']);
$pwd_up->execute(array($new_pwd, $row['user_id']));
}
SimpleORMap::expireTableScheme();
}
/**
* @return bool|string
*/
function auth_doregister()
{
global $_language_path;
$this->error_msg = "";
// check for direct link to register2.php
if (!$_SESSION['_language'] || $_SESSION['_language'] == "") {
$_SESSION['_language'] = get_accepted_languages();
}
$_language_path = init_i18n($_SESSION['_language']);
$this->auth["uname"] = Request::username('username');
// This provides access for "crcregister.ihtml"
$validator = new email_validation_class();
// Klasse zum Ueberpruefen der Eingaben
$validator->timeout = 10;
// Wie lange warten wir auf eine Antwort des Mailservers?
if (!Seminar_Session::check_ticket(Request::option('login_ticket'))) {
return false;
}
$username = trim(Request::get('username'));
$Vorname = trim(Request::get('Vorname'));
$Nachname = trim(Request::get('Nachname'));
// accept only registered domains if set
$cfg = Config::GetInstance();
$email_restriction = $cfg->getValue('EMAIL_DOMAIN_RESTRICTION');
if ($email_restriction) {
$Email = trim(Request::get('Email')) . '@' . trim(Request::get('emaildomain'));
} else {
$Email = trim(Request::get('Email'));
}
if (!$validator->ValidateUsername($username)) {
$this->error_msg = $this->error_msg . _("Der gewählte Benutzername ist zu kurz!") . "<br>";
return false;
}
// username syntaktisch falsch oder zu kurz
// auf doppelte Vergabe wird weiter unten getestet.
if (!$validator->ValidatePassword(Request::quoted('password'))) {
$this->error_msg = $this->error_msg . _("Das Passwort ist zu kurz!") . "<br>";
return false;
}
if (!$validator->ValidateName($Vorname)) {
$this->error_msg = $this->error_msg . _("Der Vorname fehlt oder ist unsinnig!") . "<br>";
return false;
}
// Vorname nicht korrekt oder fehlend
if (!$validator->ValidateName($Nachname)) {
$this->error_msg = $this->error_msg . _("Der Nachname fehlt oder ist unsinnig!") . "<br>";
return false;
// Nachname nicht korrekt oder fehlend
}
if (!$validator->ValidateEmailAddress($Email)) {
$this->error_msg = $this->error_msg . _("Die E-Mail-Adresse fehlt oder ist falsch geschrieben!") . "<br>";
return false;
}
// E-Mail syntaktisch nicht korrekt oder fehlend
$REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
$Zeit = date("H:i:s, d.m.Y", time());
if (!$validator->ValidateEmailHost($Email)) {
// Mailserver nicht erreichbar, ablehnen
$this->error_msg = $this->error_msg . _("Der Mailserver ist nicht erreichbar, bitte überprüfen Sie, ob Sie E-Mails mit der angegebenen Adresse verschicken und empfangen können!") . "<br>";
return false;
} else {
// Server ereichbar
if (!$validator->ValidateEmailBox($Email)) {
// aber user unbekannt. Mail an abuse!
StudipMail::sendAbuseMessage("Register", "Emailbox unbekannt\n\nUser: {$username}\nEmail: {$Email}\n\nIP: {$REMOTE_ADDR}\nZeit: {$Zeit}\n");
$this->error_msg = $this->error_msg . _("Die angegebene E-Mail-Adresse ist nicht erreichbar, bitte überprüfen Sie Ihre Angaben!") . "<br>";
return false;
} else {
// Alles paletti, jetzt kommen die Checks gegen die Datenbank...
}
}
$check_uname = StudipAuthAbstract::CheckUsername($username);
if ($check_uname['found']) {
// error_log("username schon vorhanden", 0);
$this->error_msg = $this->error_msg . _("Der gewählte Benutzername ist bereits vorhanden!") . "<br>";
return false;
// username schon vorhanden
}
if (count(User::findBySQL("Email LIKE " . DbManager::get()->quote($Email)))) {
$this->error_msg = $this->error_msg . _("Die angegebene E-Mail-Adresse wird bereits von einem anderen Benutzer verwendet. Sie müssen eine andere E-Mail-Adresse angeben!") . "<br>";
return false;
// Email schon vorhanden
}
// alle Checks ok, Benutzer registrieren...
$hasher = UserManagement::getPwdHasher();
$new_user = new User();
$new_user->username = $username;
$new_user->perms = 'user';
$new_user->password = $hasher->HashPassword(Request::get('password'));
$new_user->vorname = $Vorname;
$new_user->nachname = $Nachname;
$new_user->email = $Email;
$new_user->geschlecht = Request::int('geschlecht');
$new_user->title_front = trim(Request::get('title_front', Request::get('title_front_chooser')));
$new_user->title_rear = trim(Request::get('title_rear', Request::get('title_rear_chooser')));
$new_user->auth_plugin = 'standard';
$new_user->store();
if ($new_user->user_id) {
self::sendValidationMail($new_user);
$this->auth["perm"] = $new_user->perms;
return $new_user->user_id;
}
}
/**
* Imports a line of the table into the Stud.IP database if the check returns no errors.
* @param array $line : array of fields
* @return array : array('found' => true|false, 'errors' => "Error message", 'pk' => "primary key")
*/
public function importLine($line)
{
$plugin = $this->getPlugin();
$classname = $this['import_type'];
if (!$classname) {
return array();
}
$data = $this->getMappedData($line);
$pk = $this->getPrimaryKey($data);
//Last chance to quit:
$error = $this->checkLine($line, $data, $pk);
$output = array();
$object = new $classname($pk);
if (!$object->isNew()) {
$output['found'] = true;
$output['pk'] = $pk;
foreach ((array) $this['tabledata']['ignoreonupdate'] as $fieldname) {
unset($data[$fieldname]);
}
} else {
$output['found'] = false;
}
foreach ($data as $fieldname => $value) {
if ($value !== false && in_array($fieldname, $this->getTargetFields())) {
$object[$fieldname] = $value;
if ($classname === "User" && $fieldname === "password") {
$object[$fieldname] = UserManagement::getPwdHasher()->HashPassword($value);
}
}
}
if (method_exists($object, "getFullName")) {
$error['name'] = $output['name'] = $object->getFullName();
} elseif ($object->isField("name")) {
$error['name'] = $output['name'] = $object['name'];
} elseif ($object->isField("title")) {
$error['name'] = $output['name'] = $object['title'];
}
if ($error && $error['errors']) {
//exit here to have the name of the object in the log
return $error;
}
if ($plugin) {
$plugin->beforeUpdate($object, $line, $data);
}
$object->store();
$output['pk'] = (array) $object->getId();
//Dynamic special fields:
switch ($classname) {
case "Course":
//fleximport_dozenten
foreach ($data['fleximport_dozenten'] as $dozent_id) {
$seminar = new Seminar($object->getId());
$seminar->addMember($dozent_id, 'dozent');
}
//fleximport_related_institutes
if (!$data['fleximport_related_institutes']) {
$data['fleximport_related_institutes'] = array($object['institut_id']);
} else {
if (!in_array($object['institut_id'], $data['fleximport_related_institutes'])) {
$data['fleximport_related_institutes'][] = $object['institut_id'];
}
}
foreach ($data['fleximport_related_institutes'] as $institut_id) {
$insert = DBManager::get()->prepare("\n INSERT IGNORE INTO seminar_inst\n SET seminar_id = :seminar_id,\n institut_id = :institut_id\n ");
$insert->execute(array('seminar_id' => $object->getId(), 'institut_id' => $institut_id));
}
if ($this['tabledata']['simplematching']["fleximport_course_userdomains"]['column'] || in_array("fleximport_course_userdomains", $this->fieldsToBeDynamicallyMapped())) {
$statement = DBManager::get()->prepare("\n SELECT userdomain_id\n FROM seminar_userdomains\n WHERE seminar_id = ?\n ");
$statement->execute(array($object->getId()));
$olddomains = $statement->fetchAll(PDO::FETCH_COLUMN, 0);
foreach (array_diff($data['fleximport_user_inst'], $olddomains) as $to_add) {
$domain = new UserDomain($to_add);
$domain->addSeminar($object->getId());
}
foreach (array_diff($olddomains, $data['fleximport_user_inst']) as $to_remove) {
$domain = new UserDomain($to_remove);
$domain->removeSeminar($object->getId());
}
}
break;
case "User":
if ($this['tabledata']['simplematching']["fleximport_user_inst"]['column'] || in_array("fleximport_user_inst", $this->fieldsToBeDynamicallyMapped())) {
if ($object['perms'] !== "root") {
foreach ($data['fleximport_user_inst'] as $institut_id) {
$member = new InstituteMember(array($object->getId(), $institut_id));
$member['inst_perms'] = $object['perms'];
$member->store();
}
}
}
if ($this['tabledata']['simplematching']["fleximport_userdomains"]['column'] || in_array("fleximport_userdomains", $this->fieldsToBeDynamicallyMapped())) {
$olddomains = UserDomain::getUserDomainsForUser($object->getId());
foreach ($olddomains as $olddomain) {
if (!in_array($olddomain->getID(), (array) $data['fleximport_userdomains'])) {
$olddomain->removeUser($object->getId());
}
}
foreach ($data['fleximport_userdomains'] as $userdomain) {
$domain = new UserDomain($userdomain);
$domain->addUser($object->getId());
}
AutoInsert::instance()->saveUser($object->getId());
foreach ($data['fleximport_userdomains'] as $domain_id) {
if (!in_array($domain_id, $olddomains)) {
$welcome = FleximportConfig::get("USERDOMAIN_WELCOME_" . $domain_id);
if ($welcome) {
foreach ($object->toArray() as $field => $value) {
$welcome = str_replace("{{" . $field . "}}", $value, $welcome);
}
foreach ($line as $field => $value) {
$welcome = str_replace("{{" . $field . "}}", $value, $welcome);
}
if (strpos($welcome, "\n") === false) {
$subject = _("Willkommen!");
} else {
$subject = strstr($welcome, "\n", true);
$welcome = substr($welcome, strpos($welcome, "\n") + 1);
}
$messaging = new messaging();
$count = $messaging->insert_message($welcome, $object->username, '____%system%____', null, null, null, null, $subject, true, 'normal');
}
}
}
}
if ($this['tabledata']['simplematching']["fleximport_expiration_date"]['column'] || in_array("fleximport_expiration_date", $this->fieldsToBeDynamicallyMapped())) {
if ($data['fleximport_expiration_date']) {
UserConfig::get($object->getId())->store("EXPIRATION_DATE", $data['fleximport_expiration_date']);
} else {
UserConfig::get($object->getId())->delete("EXPIRATION_DATE");
}
}
if ($output['found'] === false && $data['fleximport_welcome_message'] !== "none") {
$user_language = getUserLanguagePath($object->getId());
setTempLanguage(false, $user_language);
if ($data['fleximport_welcome_message'] && FleximportConfig::get($data['fleximport_welcome_message'])) {
$message = FleximportConfig::get($data['fleximport_welcome_message']);
foreach ($data as $field => $value) {
$message = str_replace("{{" . $field . "}}", $value, $message);
}
foreach ($line as $field => $value) {
if (!in_array($field, $data)) {
$message = str_replace("{{" . $field . "}}", $value, $message);
}
}
if (strpos($message, "\n") === false) {
$subject = dgettext($user_language, "Anmeldung Stud.IP-System");
} else {
$subject = strstr($message, "\n", true);
$message = substr($message, strpos($message, "\n") + 1);
}
} else {
$Zeit = date("H:i:s, d.m.Y", time());
$this->user_data = array('auth_user_md5.username' => $object['username'], 'auth_user_md5.perms' => $object['perms'], 'auth_user_md5.Vorname' => $object['vorname'], 'auth_user_md5.Nachname' => $object['nachname'], 'auth_user_md5.Email' => $object['email']);
$password = $data['password'];
//this is the not hashed password in cleartext
include "locale/{$user_language}/LC_MAILS/create_mail.inc.php";
$message = $mailbody;
}
if ($message) {
$mail = new StudipMail();
$mail->addRecipient($object['email'], $object->getFullName());
$mail->setSubject($subject);
$mail->setBodyText($message);
$mail->setBodyHtml(formatReady($message));
if (Config::get()->MAILQUEUE_ENABLE) {
MailQueueEntry::add($mail);
} else {
$mail->send();
}
}
restoreLanguage();
}
break;
}
//Datafields:
$datafields = array();
switch ($classname) {
case "Course":
$datafields = Datafield::findBySQL("object_type = 'sem'");
break;
case "User":
$datafields = Datafield::findBySQL("object_type = 'user'");
break;
case "CourseMember":
$datafields = Datafield::findBySQL("object_type = 'usersemdata'");
break;
}
foreach ($datafields as $datafield) {
$fieldname = $datafield['name'];
if (isset($data[$fieldname])) {
$entry = new DatafieldEntryModel(array($datafield->getId(), $object->getId(), ""));
$entry['content'] = $data[$fieldname];
$entry->store();
}
}
if ($classname === "Course") {
if ($this['tabledata']['simplematching']["fleximport_studyarea"]['column'] || in_array("fleximport_studyarea", $this->fieldsToBeDynamicallyMapped())) {
//Studienbereiche:
$remove = DBManager::get()->prepare("\n DELETE FROM seminar_sem_tree\n WHERE seminar_id = :seminar_id\n ");
$remove->execute(array('seminar_id' => $object->getId()));
if ($GLOBALS['SEM_CLASS'][$GLOBALS['SEM_TYPE'][$data['status']]['class']]['bereiche']) {
foreach ($data['fleximport_studyarea'] as $sem_tree_id) {
$insert = DBManager::get()->prepare("\n INSERT IGNORE INTO seminar_sem_tree\n SET sem_tree_id = :sem_tree_id,\n seminar_id = :seminar_id\n ");
$insert->execute(array('sem_tree_id' => $sem_tree_id, 'seminar_id' => $object->getId()));
}
}
}
if ($this['tabledata']['simplematching']["fleximport_locked"]['column'] || in_array("fleximport_locked", $this->fieldsToBeDynamicallyMapped())) {
//Lock or unlock course
if ($data['fleximport_locked']) {
CourseSet::addCourseToSet(CourseSet::getGlobalLockedAdmissionSetId(), $object->getId());
} elseif (in_array($data['fleximport_locked'], array("0", 0)) && $data['fleximport_locked'] !== "") {
CourseSet::removeCourseFromSet(CourseSet::getGlobalLockedAdmissionSetId(), $object->getId());
}
}
$folder_exist = DBManager::get()->prepare("\n SELECT 1 FROM folder WHERE range_id = ?\n ");
$folder_exist->execute(array($object->getId()));
if (!$folder_exist->fetch()) {
$insert_folder = DBManager::get()->prepare("\n INSERT IGNORE INTO folder\n SET folder_id = MD5(CONCAT(:seminar_id, 'allgemeine_dateien')),\n range_id = :seminar_id,\n user_id = :user_id,\n name = :name,\n description = :description,\n mkdate = UNIX_TIMESTAMP(),\n chdate = UNIX_TIMESTAMP()\n ");
$insert_folder->execute(array('seminar_id' => $object->getId(), 'user_id' => $GLOBALS['user']->id, 'name' => _("Allgemeiner Dateiordner"), 'description' => _("Ablage für allgemeine Ordner und Dokumente der Veranstaltung")));
}
}
if ($plugin && !$object->isNew()) {
$plugin->afterUpdate($object, $line);
}
return $output;
}