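/**
 * Set all session and cookie credentials after authentication.
 *
 * Stores the client ips and the given session key in $_SESSION (and mirrors
 * the key into $_COOKIE for the current request), sends the 'key' cookie when
 * not running from the cli, loads the user's preferences into the session
 * without the security settings and returns them with the user's group ids.
 *
 * @param int    $userId id of the authenticated user
 * @param string $key    session key to associate with this login
 * @return array ['success' => true, 'user' => preferences array, or empty when none found]
 */
public static function setAsLoged($userId, $key)
{
    $coreName = Config::get('core_name');
    $isCli = (PHP_SAPI === 'cli');

    $ips = '|' . Util\getIPs() . '|';
    $_SESSION['ips'] = $ips;
    $_SESSION['key'] = $key;
    // mirror the key so code reading $_COOKIE later in this same request sees it
    $_COOKIE['key'] = $key;

    if (!$isCli) {
        // the session is now authenticated: rotate the id so a pre-auth id cannot be reused
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        // path-scoped to the core, Secure when served over https, HttpOnly
        setcookie('key', $key, 0, '/' . $coreName . '/', $_SERVER['SERVER_NAME'], !empty($_SERVER['HTTPS']), true);
    }

    $rez = array('success' => true, 'user' => array());

    $r = User::getPreferences($userId);
    if (!empty($r)) {
        $r['admin'] = Security::isAdmin($userId);
        $r['manage'] = Security::canManage($userId);
        $r['first_name'] = htmlentities($r['first_name'], ENT_QUOTES, 'UTF-8');
        $r['last_name'] = htmlentities($r['last_name'], ENT_QUOTES, 'UTF-8');

        //set default theme
        if (empty($r['cfg']['theme'])) {
            $r['cfg']['theme'] = 'classic';
        }

        // do not expose security params (they must never reach the client)
        unset($r['cfg']['security']);

        $rez['user'] = $r;
        $_SESSION['user'] = $r;

        if (!$isCli) {
            setcookie('L', $r['language']);
        }

        // set user groups
        $rez['user']['groups'] = UsersGroups::getGroupIdsForUser();
        $_SESSION['user']['groups'] = $rez['user']['groups'];
        $_SESSION['user']['TSV_checked'] = true;
    }

    return $rez;
}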
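/**
 * Save access data specified for a user in UserManagement form (groups association).
 *
 * Compares the submitted group list with the user's current groups: newly
 * associated groups are inserted, de-associated ones are deleted, then the
 * user's security sets are recalculated and a background Solr run is scheduled.
 *
 * @param array|object $p request params; reads 'id' (user id) and 'groups' (group ids)
 * @return array ['success' => bool], plus 'verify' => true when the session user is not verified
 * @throws \Exception                when the current user may not manage users
 * @throws \InvalidArgumentException when no user id could be extracted from $p
 */
public function saveAccessData($p)
{
    if (!User::isVerified()) {
        return array('success' => false, 'verify' => true);
    }
    if (!Security::canManage()) {
        throw new \Exception(L\get('Access_denied'));
    }

    $p = (array) $p;
    $user_id = $this->extractId(isset($p['id']) ? $p['id'] : null);
    if (empty($user_id)) {
        // without a target user the inserts below would write rows with an empty user_id
        throw new \InvalidArgumentException('saveAccessData: user id is required');
    }

    /* analyze groups:
       - for newly associated groups the access should be updated
       - for de-associated groups the access also should be reviewed */
    $current_groups = UsersGroups::getGroupIdsForUser($user_id);
    $updating_groups = Util\toNumericArray(isset($p['groups']) ? $p['groups'] : null);

    $new_groups = array_diff($updating_groups, $current_groups);
    $deleting_groups = array_diff($current_groups, $updating_groups);

    foreach ($new_groups as $group_id) {
        DB\dbQuery(
            'INSERT INTO users_groups_association (user_id, group_id, cid) VALUES($1, $2, $3) ON DUPLICATE KEY UPDATE uid = $3',
            array($user_id, $group_id, $_SESSION['user']['id'])
        ) or die(DB\dbQueryError());
    }

    if (!empty($deleting_groups)) {
        // the ids already come from toNumericArray; cast again at the SQL sink so the
        // interpolated IN () list can only ever contain integers
        $deleting_groups = array_map('intval', $deleting_groups);
        DB\dbQuery(
            'DELETE FROM users_groups_association WHERE user_id = $1 AND group_id IN (' . implode(', ', $deleting_groups) . ')',
            $user_id
        ) or die(DB\dbQueryError());
    }

    Security::calculateUpdatedSecuritySets($user_id);

    Solr\Client::runBackgroundCron();

    return array('success' => true);
}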
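/**
 * Login method for user authentication.
 *
 * Stores the client ips and a fresh random session key in the session and the
 * 'key' cookie, then authenticates through the p_user_login stored procedure.
 * On success the user's preferences (without the security settings) and group
 * ids are loaded into the session and returned. A "root/<username>" login lets
 * root log in as another user.
 *
 * @param string $login username, optionally "root/<username>"
 * @param string $pass  password
 * @return array json response: ['success' => true, 'user' => array] or
 *               ['success' => false, 'msg' => string] on failure
 */
public static function login($login, $pass)
{
    $ips = '|' . Util\getIPs() . '|';
    $coreName = Config::get('core_name');

    // "root/<username>": first part is the authenticating user, second the impersonated one
    $loginParts = explode('/', $login);
    $login = $loginParts[0];
    $loginAs = isset($loginParts[1]) ? $loginParts[1] : null;

    // the session key must be unpredictable and must not be derived from the
    // password; the former md5(ips . login . pass . time()) was guessable from
    // public inputs and tied key material to the password
    if (function_exists('random_bytes')) {
        $key = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $key = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        $key = md5($ips . $login . uniqid(mt_rand(), true));
    }

    $_SESSION['ips'] = $ips;
    $_SESSION['key'] = $key;
    $_COOKIE['key'] = $key;
    // path-scoped to the core, Secure when served over https, HttpOnly
    setcookie('key', $key, 0, '/' . $coreName . '/', $_SERVER['SERVER_NAME'], !empty($_SERVER['HTTPS']), true);

    $rez = array('success' => false);
    $user_id = false;

    /* try to authenticate */
    $res = DB\dbQuery('CALL p_user_login($1, $2, $3)', array($login, $pass, $ips)) or die(DB\dbQueryError());
    if (($r = $res->fetch_assoc()) && ((int) $r['status'] === 1)) {
        $user_id = $r['user_id'];
    }
    $res->close();
    DB\dbCleanConnection();

    if ($user_id) {
        // privilege level changed: rotate the session id so a pre-login id cannot be reused
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $rez = array('success' => true, 'user' => array());

        // only root may impersonate; the impersonated account is looked up by name
        if (!empty($loginAs) && ($login === 'root')) {
            $user_id = DM\User::getIdByName($loginAs);
        }

        $r = User::getPreferences($user_id);
        if (!empty($r)) {
            $r['admin'] = Security::isAdmin($user_id);
            $r['manage'] = Security::canManage($user_id);
            $r['first_name'] = htmlentities($r['first_name'], ENT_QUOTES, 'UTF-8');
            $r['last_name'] = htmlentities($r['last_name'], ENT_QUOTES, 'UTF-8');

            //set default theme
            if (empty($r['cfg']['theme'])) {
                $r['cfg']['theme'] = 'classic';
            }

            // do not expose security params (they must never reach the client)
            unset($r['cfg']['security']);

            $rez['user'] = $r;
            $_SESSION['user'] = $r;

            setcookie('L', $r['language']);

            // set user groups
            $rez['user']['groups'] = UsersGroups::getGroupIdsForUser();
            $_SESSION['user']['groups'] = $rez['user']['groups'];
        }
    } else {
        // check if login exists and add user id to session for audit logging
        // (the 'login' / 'login_fail' action logging itself is currently disabled here).
        // NOTE(review): this leaves $_SESSION['user']['id'] populated after a failed
        // attempt, so a set $_SESSION['user'] must never be taken as "authenticated".
        $user_id = DM\User::getIdByName($login);
        if (!empty($user_id)) {
            $_SESSION['user']['id'] = $user_id;
        }
        $rez['msg'] = L\get('Auth_fail');
    }

    return $rez;
}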
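/**
 * Formats a value for display according to its field definition.
 *
 * Scalar results are cached per (html flag, field id/name, value); 'html',
 * 'varchar', 'memo', 'text' and array values are never cached. The reserved
 * user fields (cid, oid, uid, did) are rendered as user display names.
 *
 * @param array|int $field array of field properties or field id
 * @param mixed     $value field value to be formatted; search-template values are
 *                         arrays with optional 'cond' and 'value' keys
 * @param bool      $html  default true - format for html, otherwise format for text display
 * @return string formatted value, prefixed by the formatted condition when one was given
 */
public static function formatValueForDisplay($field, $value, $html = true)
{
    $cacheVarName = '';

    if (is_numeric($field)) {
        // NOTE(review): $this inside a static method is a fatal error at runtime; this
        // branch needs the owning template instance (or a static field lookup) to work
        $field = $this->data->fields[$field];
    }

    //condition is specified for values from search templates
    $condition = null;
    if (is_array($value)) {
        if (isset($value['cond'])) {
            $condition = Template::formatConditionForDisplay($field, $value['cond'], $html) . ' ';
        }
        $value = isset($value['value']) ? $value['value'] : null;
    }

    //we'll cache scalar by default, but will exclude textual fields
    $cacheValue = is_scalar($value);
    if ($cacheValue) {
        $fid = empty($field['id']) ? $field['name'] : $field['id'];
        $cacheVarName = 'dv' . $html . '_' . $fid . '_' . $value;

        //check if value is in cache and return
        if (Cache::exist($cacheVarName)) {
            return Cache::get($cacheVarName);
        }
    }

    /*check if field is a reserved field for usernames (cid, oid, uid, did)*/
    if (!empty($field['name']) && in_array($field['name'], array('cid', 'oid', 'uid', 'did'))) {
        $names = array();
        foreach (Util\toNumericArray($value) as $userId) {
            $names[] = User::getDisplayName($userId);
        }
        $value = implode(', ', $names);
    } else {
        switch ($field['type']) {
            case 'boolean':
            case 'checkbox':
                $value = empty($value) ? '' : ($value < 0 ? L\get('no') : L\get('yes'));
                break;

            case '_sex':
                switch ($value) {
                    case 'm':
                        $value = L\get('male');
                        break;
                    case 'f':
                        $value = L\get('female');
                        break;
                    default:
                        $value = '';
                }
                break;

            case '_language':
                @($value = @\CB\Config::get('language_settings')[\CB\Config::get('languages')[$value - 1]][0]);
                break;

            case 'combo':
            case '_objects':
                if (empty($value)) {
                    $value = '';
                    break;
                }

                $ids = Util\toNumericArray($value);
                if (empty($ids)) {
                    if (empty($field['cfg']['source']) || !is_array($field['cfg']['source'])) {
                        $value = '';
                    }
                    break;
                }

                $value = array();
                if (in_array(@$field['cfg']['source'], array('users', 'groups', 'usersgroups'))) {
                    $udp = UsersGroups::getDisplayData($ids);
                    foreach ($ids as $id) {
                        if (empty($udp[$id])) {
                            continue;
                        }
                        $r =& $udp[$id];

                        $label = @htmlspecialchars(Util\coalesce($r['title'], $r['name']), ENT_COMPAT);
                        if ($html) {
                            switch (@$field['cfg']['renderer']) {
                                case 'listGreenIcons':
                                    $label = '<li class="icon-padding icon-element">' . $label . '</li>';
                                    break;
                                default:
                                    $icon = empty($r['iconCls']) ? 'icon-none' : $r['iconCls'];
                                    $label = '<li class="icon-padding ' . $icon . '">' . $label . '</li>';
                                    break;
                            }
                        }
                        $value[] = $label;
                    }
                } else {
                    $objects = \CB\Objects::getCachedObjects($ids);
                    foreach ($ids as $id) {
                        if (empty($objects[$id])) {
                            continue;
                        }
                        $obj =& $objects[$id];
                        $d = $obj->getData();
                        $label = $obj->getHtmlSafeName();
                        $pids = $d['pids'];

                        if ($html && !empty($pids)) {
                            $pids = str_replace(',', '/', $pids);
                            $linkType = empty($field['cfg']['linkType'])
                                ? ''
                                : 'link-type-' . htmlspecialchars($field['cfg']['linkType'], ENT_COMPAT);
                            // everything interpolated into an attribute is escaped for the attribute context
                            $label = '<a class="click ' . $linkType . '"'
                                . ' template_id="' . htmlspecialchars($d['template_id'], ENT_COMPAT) . '"'
                                . ' path="' . htmlspecialchars($pids, ENT_COMPAT) . '"'
                                . ' nid="' . $id . '">' . $label . '</a>';
                        }

                        switch (@$field['cfg']['renderer']) {
                            case 'listGreenIcons':
                                $value[] = $html ? '<li class="icon-padding icon-element">' . $label . '</li>' : $label;
                                break;
                            default:
                                $icon = \CB\Browser::getIcon($d);
                                if (empty($icon)) {
                                    $icon = 'icon-none';
                                }
                                $value[] = $html ? '<li class="icon-padding ' . $icon . '">' . $label . '</li>' : $label;
                                break;
                        }
                    }
                }

                $value = $html ? '<ul class="clean">' . implode('', $value) . '</ul>' : implode(', ', $value);
                break;

            case '_fieldTypesCombo':
                $value = L\get(@static::$fieldTypeNames[$value]);
                break;

            case 'date':
                $value = Util\formatMysqlDate(Util\dateISOToMysql($value));
                break;

            case 'datetime':
                $value = Util\UTCTimeToUserTimezone($value);
                break;

            case 'time':
                // 'continue' inside a switch only acts as 'break' (and warns since 7.3); make it explicit
                if (empty($value)) {
                    break;
                }
                $format = empty($field['format']) ? 'H:i' : $field['format'];

                if (is_numeric($value)) {
                    // numeric value is a number of seconds: render as HH:MM[:SS]
                    $s = $value % 60;
                    $value = floor($value / 60);
                    $m = $value % 60;
                    $value = floor($value / 60);

                    if (strlen($value) < 2) {
                        $value = '0' . $value;
                    }
                    if (strlen($m) < 2) {
                        $m = '0' . $m;
                    }
                    $value .= ':' . $m;

                    if (!empty($s)) {
                        if (strlen($s) < 2) {
                            $s = '0' . $s;
                        }
                        $value .= ':' . $s;
                    }
                } else {
                    $date = \DateTime::createFromFormat($format, $value);
                    if (is_object($date)) {
                        $value = $date->format($format);
                    }
                }
                break;

            case 'html':
                // raw html is passed through as-is; never cached
                $cacheValue = false;
                break;

            case 'varchar':
            case 'memo':
            case 'text':
                $cacheValue = false;
                $renderers = '';
                if (!empty($field['cfg']['linkRenderers'])) {
                    $renderers = $field['cfg']['linkRenderers'];
                } elseif (!empty($field['cfg']['text_renderer'])) {
                    $renderers = $field['cfg']['text_renderer'];
                }
                // NOTE(review): $renderers is passed as nl2br()'s bool $use_xhtml argument here;
                // it looks intended for processAndFormatMessage() instead - confirm its signature
                $value = empty($renderers)
                    ? nl2br(htmlspecialchars($value, ENT_COMPAT))
                    : nl2br(Comment::processAndFormatMessage($value), $renderers);
                break;

            default:
                if (is_array($value)) {
                    $cacheValue = false;
                    $value = Util\jsonEncode($value);
                } else {
                    $value = htmlspecialchars($value, ENT_COMPAT);
                }
        }
    }

    if ($cacheValue) {
        Cache::set($cacheVarName, $condition . $value);
    }

    return $condition . $value;
}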
$user_id = DM\Users::getIdByName($u); if (empty($user_id)) { $_SESSION['u_msg'] = L\get('UsernameNotFound'); header('location: ' . $coreUrl . 'recover/forgot-password/'); exit(0); } else { $user = User::getPreferences($user_id); $user_mail = empty($user['cfg']['security']['recovery_email']) ? $user['email'] : $user['cfg']['security']['recovery_email']; if (empty($user_mail)) { $_SESSION['u_msg'] = L\get('UserHasNoMail'); header('location: ' . $coreUrl . 'recover/forgot-password/'); exit(0); } } } if (!UsersGroups::sendResetPasswordMail($user_id)) { $_SESSION['msg'] = '<div class="alert alert-error">Error occured. Administrator has been notified by mail. Please retry later.</div>'; header('location: ' . $coreUrl . 'recover/forgot-password/'); exit(0); } $_SESSION['msg'] = '<div class="alert alert-success">' . L\get('RecoverMessageSent') . '</div>'; break; default: header('location: ' . $coreUrl); exit(0); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8">