Beispiel #1
0
 /**
  * Stores a new password for a user.
  */
 public function store_action()
 {
     $this->check_ticket();
     $errors = array();
     $hasher = UserManagement::getPwdHasher();
     $password = Request::get('new_password');
     $confirm = Request::get('new_password_confirm');
     if (!($hasher->CheckPassword(md5(Request::get('password')), $this->user['password']) || $hasher->CheckPassword(Request::get('password'), $this->user['password']) || strlen($this->user['password']) == 32 && md5(Request::get('password')) == $this->user['password'])) {
         $errors[] = _('Das aktuelle Passwort wurde nicht korrekt eingegeben.');
     }
     if (!$this->validator->ValidatePassword($password)) {
         $errors[] = _('Das Passwort ist zu kurz - es sollte mindestens 4 Zeichen lang sein.');
     } else {
         if ($password !== $confirm) {
             $errors[] = _('Die Wiederholung Ihres Passworts stimmt nicht mit Ihrer Eingabe überein.');
         } else {
             if ($password == $this->user['username']) {
                 $errors[] = _('Das Passwort darf nicht mit dem Nutzernamen übereinstimmen.');
             } else {
                 if (str_replace(array('.', ' '), '', strtolower($password)) == 'studip') {
                     $errors[] = _('Aus Sicherheitsgründen darf das Passwort nicht "Stud.IP" oder eine Abwandlung davon sein.');
                 }
             }
         }
     }
     if (count($errors) > 0) {
         $this->reportErrorWithDetails(_('Bitte überprüfen Sie Ihre Eingabe:'), $errors);
     } else {
         $this->user->password = $hasher->HashPassword($password);
         if ($this->user->store()) {
             $this->reportSuccess(_('Das Passwort wurde erfolgreich geändert.'));
         }
     }
     $this->redirect('settings/password');
 }
 /**
  *
  *
  *
  * @access public
  *
  */
 function isAuthenticated($username, $password)
 {
     $user = User::findByUsername($username);
     if (!$user || !$password || strlen($password) > 72) {
         $this->error_msg = _("Ungültige Benutzername/Passwort-Kombination!");
         return false;
     } elseif ($user->username != $username) {
         $this->error_msg = _("Bitte achten Sie auf korrekte Groß-Kleinschreibung beim Username!");
         return false;
     } elseif (!is_null($user->auth_plugin) && $user->auth_plugin != "standard") {
         $this->error_msg = sprintf(_("Dieser Benutzername wird bereits über %s authentifiziert!"), $user->auth_plugin);
         return false;
     } else {
         $pass = $user->password;
         // Password is stored as a md5 hash
     }
     $hasher = UserManagement::getPwdHasher();
     $old_style_check = strlen($pass) == 32 && md5($password) == $pass;
     $migrated_check = $hasher->CheckPassword(md5($password), $pass);
     $check = $hasher->CheckPassword($password, $pass);
     if (!($check || $migrated_check || $old_style_check)) {
         $this->error_msg = _("Das Passwort ist falsch!");
         return false;
     } else {
         return true;
     }
 }
 function up()
 {
     $db = DBManager::get();
     $db->exec("ALTER TABLE `auth_user_md5` CHANGE `password` `password` VARBINARY( 64 ) NOT NULL DEFAULT ''");
     $hasher = UserManagement::getPwdHasher();
     $pwd_up = $db->prepare("UPDATE auth_user_md5 SET password=? WHERE user_id=?");
     foreach($db->query("SELECT user_id,password FROM auth_user_md5 WHERE auth_plugin='standard' AND password <> ''") as $row) {
         $new_pwd = $hasher->HashPassword($row['password']);
         $pwd_up->execute(array($new_pwd, $row['user_id']));
     }
     SimpleORMap::expireTableScheme();
 }
 /**
  * @return bool|string
  */
 function auth_doregister()
 {
     global $_language_path;
     $this->error_msg = "";
     // check for direct link to register2.php
     if (!$_SESSION['_language'] || $_SESSION['_language'] == "") {
         $_SESSION['_language'] = get_accepted_languages();
     }
     $_language_path = init_i18n($_SESSION['_language']);
     $this->auth["uname"] = Request::username('username');
     // This provides access for "crcregister.ihtml"
     $validator = new email_validation_class();
     // Klasse zum Ueberpruefen der Eingaben
     $validator->timeout = 10;
     // Wie lange warten wir auf eine Antwort des Mailservers?
     if (!Seminar_Session::check_ticket(Request::option('login_ticket'))) {
         return false;
     }
     $username = trim(Request::get('username'));
     $Vorname = trim(Request::get('Vorname'));
     $Nachname = trim(Request::get('Nachname'));
     // accept only registered domains if set
     $cfg = Config::GetInstance();
     $email_restriction = $cfg->getValue('EMAIL_DOMAIN_RESTRICTION');
     if ($email_restriction) {
         $Email = trim(Request::get('Email')) . '@' . trim(Request::get('emaildomain'));
     } else {
         $Email = trim(Request::get('Email'));
     }
     if (!$validator->ValidateUsername($username)) {
         $this->error_msg = $this->error_msg . _("Der gewählte Benutzername ist zu kurz!") . "<br>";
         return false;
     }
     // username syntaktisch falsch oder zu kurz
     // auf doppelte Vergabe wird weiter unten getestet.
     if (!$validator->ValidatePassword(Request::quoted('password'))) {
         $this->error_msg = $this->error_msg . _("Das Passwort ist zu kurz!") . "<br>";
         return false;
     }
     if (!$validator->ValidateName($Vorname)) {
         $this->error_msg = $this->error_msg . _("Der Vorname fehlt oder ist unsinnig!") . "<br>";
         return false;
     }
     // Vorname nicht korrekt oder fehlend
     if (!$validator->ValidateName($Nachname)) {
         $this->error_msg = $this->error_msg . _("Der Nachname fehlt oder ist unsinnig!") . "<br>";
         return false;
         // Nachname nicht korrekt oder fehlend
     }
     if (!$validator->ValidateEmailAddress($Email)) {
         $this->error_msg = $this->error_msg . _("Die E-Mail-Adresse fehlt oder ist falsch geschrieben!") . "<br>";
         return false;
     }
     // E-Mail syntaktisch nicht korrekt oder fehlend
     $REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
     $Zeit = date("H:i:s, d.m.Y", time());
     if (!$validator->ValidateEmailHost($Email)) {
         // Mailserver nicht erreichbar, ablehnen
         $this->error_msg = $this->error_msg . _("Der Mailserver ist nicht erreichbar, bitte überprüfen Sie, ob Sie E-Mails mit der angegebenen Adresse verschicken und empfangen können!") . "<br>";
         return false;
     } else {
         // Server ereichbar
         if (!$validator->ValidateEmailBox($Email)) {
             // aber user unbekannt. Mail an abuse!
             StudipMail::sendAbuseMessage("Register", "Emailbox unbekannt\n\nUser: {$username}\nEmail: {$Email}\n\nIP: {$REMOTE_ADDR}\nZeit: {$Zeit}\n");
             $this->error_msg = $this->error_msg . _("Die angegebene E-Mail-Adresse ist nicht erreichbar, bitte überprüfen Sie Ihre Angaben!") . "<br>";
             return false;
         } else {
             // Alles paletti, jetzt kommen die Checks gegen die Datenbank...
         }
     }
     $check_uname = StudipAuthAbstract::CheckUsername($username);
     if ($check_uname['found']) {
         //   error_log("username schon vorhanden", 0);
         $this->error_msg = $this->error_msg . _("Der gewählte Benutzername ist bereits vorhanden!") . "<br>";
         return false;
         // username schon vorhanden
     }
     if (count(User::findBySQL("Email LIKE " . DbManager::get()->quote($Email)))) {
         $this->error_msg = $this->error_msg . _("Die angegebene E-Mail-Adresse wird bereits von einem anderen Benutzer verwendet. Sie müssen eine andere E-Mail-Adresse angeben!") . "<br>";
         return false;
         // Email schon vorhanden
     }
     // alle Checks ok, Benutzer registrieren...
     $hasher = UserManagement::getPwdHasher();
     $new_user = new User();
     $new_user->username = $username;
     $new_user->perms = 'user';
     $new_user->password = $hasher->HashPassword(Request::get('password'));
     $new_user->vorname = $Vorname;
     $new_user->nachname = $Nachname;
     $new_user->email = $Email;
     $new_user->geschlecht = Request::int('geschlecht');
     $new_user->title_front = trim(Request::get('title_front', Request::get('title_front_chooser')));
     $new_user->title_rear = trim(Request::get('title_rear', Request::get('title_rear_chooser')));
     $new_user->auth_plugin = 'standard';
     $new_user->store();
     if ($new_user->user_id) {
         self::sendValidationMail($new_user);
         $this->auth["perm"] = $new_user->perms;
         return $new_user->user_id;
     }
 }
 /**
  * Imports a line of the table into the Stud.IP database if the check returns no errors.
  * @param array $line : array of fields
  * @return array : array('found' => true|false, 'errors' => "Error message", 'pk' => "primary key")
  */
 public function importLine($line)
 {
     $plugin = $this->getPlugin();
     $classname = $this['import_type'];
     if (!$classname) {
         return array();
     }
     $data = $this->getMappedData($line);
     $pk = $this->getPrimaryKey($data);
     //Last chance to quit:
     $error = $this->checkLine($line, $data, $pk);
     $output = array();
     $object = new $classname($pk);
     if (!$object->isNew()) {
         $output['found'] = true;
         $output['pk'] = $pk;
         foreach ((array) $this['tabledata']['ignoreonupdate'] as $fieldname) {
             unset($data[$fieldname]);
         }
     } else {
         $output['found'] = false;
     }
     foreach ($data as $fieldname => $value) {
         if ($value !== false && in_array($fieldname, $this->getTargetFields())) {
             $object[$fieldname] = $value;
             if ($classname === "User" && $fieldname === "password") {
                 $object[$fieldname] = UserManagement::getPwdHasher()->HashPassword($value);
             }
         }
     }
     if (method_exists($object, "getFullName")) {
         $error['name'] = $output['name'] = $object->getFullName();
     } elseif ($object->isField("name")) {
         $error['name'] = $output['name'] = $object['name'];
     } elseif ($object->isField("title")) {
         $error['name'] = $output['name'] = $object['title'];
     }
     if ($error && $error['errors']) {
         //exit here to have the name of the object in the log
         return $error;
     }
     if ($plugin) {
         $plugin->beforeUpdate($object, $line, $data);
     }
     $object->store();
     $output['pk'] = (array) $object->getId();
     //Dynamic special fields:
     switch ($classname) {
         case "Course":
             //fleximport_dozenten
             foreach ($data['fleximport_dozenten'] as $dozent_id) {
                 $seminar = new Seminar($object->getId());
                 $seminar->addMember($dozent_id, 'dozent');
             }
             //fleximport_related_institutes
             if (!$data['fleximport_related_institutes']) {
                 $data['fleximport_related_institutes'] = array($object['institut_id']);
             } else {
                 if (!in_array($object['institut_id'], $data['fleximport_related_institutes'])) {
                     $data['fleximport_related_institutes'][] = $object['institut_id'];
                 }
             }
             foreach ($data['fleximport_related_institutes'] as $institut_id) {
                 $insert = DBManager::get()->prepare("\n                        INSERT IGNORE INTO seminar_inst\n                        SET seminar_id = :seminar_id,\n                            institut_id = :institut_id\n                    ");
                 $insert->execute(array('seminar_id' => $object->getId(), 'institut_id' => $institut_id));
             }
             if ($this['tabledata']['simplematching']["fleximport_course_userdomains"]['column'] || in_array("fleximport_course_userdomains", $this->fieldsToBeDynamicallyMapped())) {
                 $statement = DBManager::get()->prepare("\n                        SELECT userdomain_id\n                        FROM seminar_userdomains\n                        WHERE seminar_id = ?\n                    ");
                 $statement->execute(array($object->getId()));
                 $olddomains = $statement->fetchAll(PDO::FETCH_COLUMN, 0);
                 foreach (array_diff($data['fleximport_user_inst'], $olddomains) as $to_add) {
                     $domain = new UserDomain($to_add);
                     $domain->addSeminar($object->getId());
                 }
                 foreach (array_diff($olddomains, $data['fleximport_user_inst']) as $to_remove) {
                     $domain = new UserDomain($to_remove);
                     $domain->removeSeminar($object->getId());
                 }
             }
             break;
         case "User":
             if ($this['tabledata']['simplematching']["fleximport_user_inst"]['column'] || in_array("fleximport_user_inst", $this->fieldsToBeDynamicallyMapped())) {
                 if ($object['perms'] !== "root") {
                     foreach ($data['fleximport_user_inst'] as $institut_id) {
                         $member = new InstituteMember(array($object->getId(), $institut_id));
                         $member['inst_perms'] = $object['perms'];
                         $member->store();
                     }
                 }
             }
             if ($this['tabledata']['simplematching']["fleximport_userdomains"]['column'] || in_array("fleximport_userdomains", $this->fieldsToBeDynamicallyMapped())) {
                 $olddomains = UserDomain::getUserDomainsForUser($object->getId());
                 foreach ($olddomains as $olddomain) {
                     if (!in_array($olddomain->getID(), (array) $data['fleximport_userdomains'])) {
                         $olddomain->removeUser($object->getId());
                     }
                 }
                 foreach ($data['fleximport_userdomains'] as $userdomain) {
                     $domain = new UserDomain($userdomain);
                     $domain->addUser($object->getId());
                 }
                 AutoInsert::instance()->saveUser($object->getId());
                 foreach ($data['fleximport_userdomains'] as $domain_id) {
                     if (!in_array($domain_id, $olddomains)) {
                         $welcome = FleximportConfig::get("USERDOMAIN_WELCOME_" . $domain_id);
                         if ($welcome) {
                             foreach ($object->toArray() as $field => $value) {
                                 $welcome = str_replace("{{" . $field . "}}", $value, $welcome);
                             }
                             foreach ($line as $field => $value) {
                                 $welcome = str_replace("{{" . $field . "}}", $value, $welcome);
                             }
                             if (strpos($welcome, "\n") === false) {
                                 $subject = _("Willkommen!");
                             } else {
                                 $subject = strstr($welcome, "\n", true);
                                 $welcome = substr($welcome, strpos($welcome, "\n") + 1);
                             }
                             $messaging = new messaging();
                             $count = $messaging->insert_message($welcome, $object->username, '____%system%____', null, null, null, null, $subject, true, 'normal');
                         }
                     }
                 }
             }
             if ($this['tabledata']['simplematching']["fleximport_expiration_date"]['column'] || in_array("fleximport_expiration_date", $this->fieldsToBeDynamicallyMapped())) {
                 if ($data['fleximport_expiration_date']) {
                     UserConfig::get($object->getId())->store("EXPIRATION_DATE", $data['fleximport_expiration_date']);
                 } else {
                     UserConfig::get($object->getId())->delete("EXPIRATION_DATE");
                 }
             }
             if ($output['found'] === false && $data['fleximport_welcome_message'] !== "none") {
                 $user_language = getUserLanguagePath($object->getId());
                 setTempLanguage(false, $user_language);
                 if ($data['fleximport_welcome_message'] && FleximportConfig::get($data['fleximport_welcome_message'])) {
                     $message = FleximportConfig::get($data['fleximport_welcome_message']);
                     foreach ($data as $field => $value) {
                         $message = str_replace("{{" . $field . "}}", $value, $message);
                     }
                     foreach ($line as $field => $value) {
                         if (!in_array($field, $data)) {
                             $message = str_replace("{{" . $field . "}}", $value, $message);
                         }
                     }
                     if (strpos($message, "\n") === false) {
                         $subject = dgettext($user_language, "Anmeldung Stud.IP-System");
                     } else {
                         $subject = strstr($message, "\n", true);
                         $message = substr($message, strpos($message, "\n") + 1);
                     }
                 } else {
                     $Zeit = date("H:i:s, d.m.Y", time());
                     $this->user_data = array('auth_user_md5.username' => $object['username'], 'auth_user_md5.perms' => $object['perms'], 'auth_user_md5.Vorname' => $object['vorname'], 'auth_user_md5.Nachname' => $object['nachname'], 'auth_user_md5.Email' => $object['email']);
                     $password = $data['password'];
                     //this is the not hashed password in cleartext
                     include "locale/{$user_language}/LC_MAILS/create_mail.inc.php";
                     $message = $mailbody;
                 }
                 if ($message) {
                     $mail = new StudipMail();
                     $mail->addRecipient($object['email'], $object->getFullName());
                     $mail->setSubject($subject);
                     $mail->setBodyText($message);
                     $mail->setBodyHtml(formatReady($message));
                     if (Config::get()->MAILQUEUE_ENABLE) {
                         MailQueueEntry::add($mail);
                     } else {
                         $mail->send();
                     }
                 }
                 restoreLanguage();
             }
             break;
     }
     //Datafields:
     $datafields = array();
     switch ($classname) {
         case "Course":
             $datafields = Datafield::findBySQL("object_type = 'sem'");
             break;
         case "User":
             $datafields = Datafield::findBySQL("object_type = 'user'");
             break;
         case "CourseMember":
             $datafields = Datafield::findBySQL("object_type = 'usersemdata'");
             break;
     }
     foreach ($datafields as $datafield) {
         $fieldname = $datafield['name'];
         if (isset($data[$fieldname])) {
             $entry = new DatafieldEntryModel(array($datafield->getId(), $object->getId(), ""));
             $entry['content'] = $data[$fieldname];
             $entry->store();
         }
     }
     if ($classname === "Course") {
         if ($this['tabledata']['simplematching']["fleximport_studyarea"]['column'] || in_array("fleximport_studyarea", $this->fieldsToBeDynamicallyMapped())) {
             //Studienbereiche:
             $remove = DBManager::get()->prepare("\n                    DELETE FROM seminar_sem_tree\n                    WHERE seminar_id = :seminar_id\n                ");
             $remove->execute(array('seminar_id' => $object->getId()));
             if ($GLOBALS['SEM_CLASS'][$GLOBALS['SEM_TYPE'][$data['status']]['class']]['bereiche']) {
                 foreach ($data['fleximport_studyarea'] as $sem_tree_id) {
                     $insert = DBManager::get()->prepare("\n                            INSERT IGNORE INTO seminar_sem_tree\n                            SET sem_tree_id = :sem_tree_id,\n                                seminar_id = :seminar_id\n                        ");
                     $insert->execute(array('sem_tree_id' => $sem_tree_id, 'seminar_id' => $object->getId()));
                 }
             }
         }
         if ($this['tabledata']['simplematching']["fleximport_locked"]['column'] || in_array("fleximport_locked", $this->fieldsToBeDynamicallyMapped())) {
             //Lock or unlock course
             if ($data['fleximport_locked']) {
                 CourseSet::addCourseToSet(CourseSet::getGlobalLockedAdmissionSetId(), $object->getId());
             } elseif (in_array($data['fleximport_locked'], array("0", 0)) && $data['fleximport_locked'] !== "") {
                 CourseSet::removeCourseFromSet(CourseSet::getGlobalLockedAdmissionSetId(), $object->getId());
             }
         }
         $folder_exist = DBManager::get()->prepare("\n                SELECT 1 FROM folder WHERE range_id = ?\n            ");
         $folder_exist->execute(array($object->getId()));
         if (!$folder_exist->fetch()) {
             $insert_folder = DBManager::get()->prepare("\n                    INSERT IGNORE INTO folder\n                    SET folder_id = MD5(CONCAT(:seminar_id, 'allgemeine_dateien')),\n                    range_id = :seminar_id,\n                    user_id = :user_id,\n                    name = :name,\n                    description = :description,\n                    mkdate = UNIX_TIMESTAMP(),\n                    chdate = UNIX_TIMESTAMP()\n                ");
             $insert_folder->execute(array('seminar_id' => $object->getId(), 'user_id' => $GLOBALS['user']->id, 'name' => _("Allgemeiner Dateiordner"), 'description' => _("Ablage für allgemeine Ordner und Dokumente der Veranstaltung")));
         }
     }
     if ($plugin && !$object->isNew()) {
         $plugin->afterUpdate($object, $line);
     }
     return $output;
 }