function edit()
{
if (!empty($this->data)) {
// is the user updating their password?
if (isset($this->data['User']['password']) && isset($this->data['User']['password_confirm'])) {
$this->User->set($this->data);
$this->User->id = $this->Session->read('Auth.User.id');
// check that the passwords are valid
if ($this->User->validates(array('fieldList' => array('password', 'password_confirm')))) {
// hash the passwords
$password = Security::hash($this->data['User']['password'], null, true);
$password_confirm = Security::hash($this->data['User']['password_confirm'], null, true);
if ($this->User->saveField('password', $password)) {
$this->Session->setFlash('Your password has been updated successfully.');
} else {
$this->Session->setFlash('There was a problem saving your password', 'error');
}
} else {
$this->User->invalidFields();
}
// clear out the fields
$this->data['User']['password'] = '';
$this->data['User']['password_confirm'] = '';
}
}
}
/**
* Serialize to array data from xml
*
* @return array Xml serialize array data
*/
public function serializeXmlToArray()
{
//後で修正する
$xmlData = Xml::toArray(Xml::build(self::NOTIFICATION_URL));
// rssの種類によってタグ名が異なる
if (isset($xmlData['feed'])) {
$items = Hash::get($xmlData, 'feed.entry');
$dateKey = 'published';
$linkKey = 'link.@href';
$summaryKey = 'summary';
} elseif (Hash::get($xmlData, 'rss.@version') === '2.0') {
$items = Hash::get($xmlData, 'rss.channel.item');
$dateKey = 'pubDate';
$linkKey = 'link';
$summaryKey = 'description';
} else {
$items = Hash::get($xmlData, 'RDF.item');
$dateKey = 'dc:date';
$linkKey = 'link';
$summaryKey = 'description';
}
if (!isset($items[0]) && is_array($items)) {
$items = array($items);
}
$data = array();
foreach ($items as $item) {
$date = new DateTime($item[$dateKey]);
$summary = Hash::get($item, $summaryKey);
$data[] = array('title' => $item['title'], 'link' => Hash::get($item, $linkKey), 'summary' => $summary ? strip_tags($summary) : '', 'last_updated' => $date->format('Y-m-d H:i:s'), 'key' => Security::hash(Hash::get($item, $linkKey), 'md5'));
}
return $data;
}
function getActivationHash()
{
if (!isset($this->id)) {
return false;
}
return substr(Security::hash(Configure::read('Security.salt') . $this->field('created') . date('Ymd')), 0, 8);
}
function admin_edit($id = null)
{
if (!$id) {
$this->redirect(array('controller' => 'users', 'action' => 'index', 'admin' => true));
}
$user = $this->User->read(null, $id);
$user_groups = $this->User->UserGroup->find('list');
$errors = array();
if (!empty($this->data)) {
if (!empty($this->data['User']['new_password'])) {
$this->data['User']['password'] = $this->data['User']['new_password'];
$hashed = Security::hash($this->data['User']['password'], 'sha1', true);
}
$this->User->set($this->data);
if ($this->User->validates()) {
if (isset($this->data['User']['password'])) {
$this->data['User']['password'] = $hashed;
}
$this->User->save($this->data, array('validate' => false));
$this->Session->setFlash('Användaren har nu sparats');
} else {
$errors = $this->User->invalidFields();
}
} else {
$this->data = $user;
}
$this->set('errors', $errors);
$this->set('userGroups', $user_groups);
$this->set('user', $user);
}
/**
* to encrypt password before save
* @param array $options
* @return boolean
* @author Laxmi Saini
*/
public function beforeSave($options = array())
{
if (isset($this->data['User']['new_password'])) {
$this->data['User']['password'] = Security::hash($this->data['User']['new_password'], null, true);
}
return true;
}
public function beforeSave($options = array())
{
if (isset($this->data[$this->name]['password']) && !empty($this->data[$this->name]['password'])) {
$this->data[$this->name]['password'] = Security::hash($this->data[$this->name]['password'], 'md5');
}
return true;
}
public function beforeSave($options = array())
{
if (!empty($this->data[$this->alias]['senha'])) {
$this->data[$this->alias]['senha'] = Security::hash($this->data[$this->alias]['senha'], 'blowfish');
}
return true;
}
public function forgotPassword($data)
{
$saveData = array();
$email = $data['email'];
$respone = array();
$options = array('conditions' => array('User.email' => $email));
$user = $this->find("first", $options);
if ($user) {
$resetCode = Security::hash(String::uuid(), 'sha1', true);
$url = Router::url(array('controller' => 'users', 'action' => 'resetPassword'), true) . '?code=' . $resetCode;
//Removing any previously generated
$this->ResetPassword->deleteAll(array('ResetPassword.user_id' => $user['User']['id']), false);
//saving validation code
$saveData['ResetPassword'] = array('user_id' => $user['User']['id'], 'reset_code' => $resetCode);
$status = $this->ResetPassword->saveAll($saveData, array('validate' => false));
if ($status) {
$Email = new Email();
$message = 'Reset password';
$message .= "Copy and Paste following url in your browser:\n";
$message .= $url;
if (SEND_EMAIL) {
$emailStatus = $Email->sendEmail($email, $message, EMAIL_TPL_RESET_PASSWORD);
} else {
$emailStatus = true;
}
if ($emailStatus) {
return array('status' => true, 'success_msg' => USER_RESET_PASSWORD_SUCCESS);
}
} else {
return array('status' => false, 'errors' => USER_ERR_RESET_PASSWORD_FAILED);
}
} else {
return array('status' => false, 'errors' => USER_ERR_EMAIL_NOT_REGISTERED);
}
}
public function create_admin()
{
$this->layout = 'admin';
if ($this->Session->read('Admin.admin') == null) {
$this->Session->setFlash("Vous n'avez rien a faire ici, oust !", "error");
$this->redirect(array('controller' => 'Admin', 'action' => 'index'));
} else {
if ($this->Session->read('roles.superadmin') == 0) {
$this->Session->setFlash("Vous n'avez pas le droit de faire sa", "error");
$this->redirect(array('controller' => 'Admin', 'action' => 'index'));
} else {
$role = $this->Role->find('list');
$this->set("roles", $role);
if ($this->request->is('post')) {
$d = $this->request->data;
$d['Create']['id'] = null;
if (!empty($d['Create']['passwd'])) {
$d['Create']['passwd'] = Security::hash($d['Create']['passwd'], null, true);
}
if ($this->Admin->save(array('admin' => $d['Create']['admin'], 'email' => $d['Create']['email'], 'passwd' => $d['Create']['passwd'], 'role' => $d['Create']['Role'], 'username' => $d['Create']['Username']))) {
$this->Session->setFlash("Admin créé", "notif");
} else {
$this->Session->setFlash("Erreur", "error");
}
}
}
}
}
/**
* _makeSrc
*
* @param $file
* @param $options
* @return
*/
function _makeSrc($file = null, $options = array())
{
$hash = $this->Session->read('Filebinder.hash');
$prefix = empty($options['prefix']) ? '' : $options['prefix'];
$filePath = empty($file['file_path']) ? empty($file['tmp_bind_path']) ? false : $file['tmp_bind_path'] : preg_replace('#/([^/]+)$#', '/' . $prefix . '$1', $file['file_path']);
if (empty($file) || !$filePath) {
return false;
}
if (!preg_match('#' . WWW_ROOT . '#', $filePath)) {
if (!empty($file['tmp_bind_path'])) {
if (empty($file['model_id']) || file_exists($file['tmp_bind_path'])) {
$file['model_id'] = 0;
$file['file_name'] = preg_replace('#.+/([^/]+)$#', '$1', $file['tmp_bind_path']);
}
}
// over 1.3
$prefixes = Configure::read('Routing.prefixes');
if (!$prefixes && Configure::read('Routing.admin')) {
$prefixes = Configure::read('Routing.admin');
}
$url = array();
foreach ((array) $prefixes as $p) {
$url[$p] = false;
}
$url = array_merge($url, array('plugin' => 'filebinder', 'controller' => 'filebinder', 'action' => 'loader', $file['model'], $file['model_id'], $file['field_name'], Security::hash($file['model'] . $file['model_id'] . $file['field_name'] . $hash), $prefix . $file['file_name']));
return $url;
}
$src = preg_replace('#' . WWW_ROOT . '#', DS, $filePath);
return $src;
}
public function edit($id = null, $data = null, $conditions = [])
{
$conditions['User.id'] = $id;
$user = $this->find('first', ['conditions' => $conditions]);
if (empty($user)) {
throw new OutOfBoundsException(__('Invalid Access', true));
}
if (!empty($data)) {
$this->set($data);
if (empty($this->data['User']['update_password_flg'])) {
unset($this->data['User']['password']);
unset($this->data['User']['password_confirm']);
} else {
if (!empty($this->data['User']['password'])) {
$this->data['User']['password'] = Security::hash($this->data['User']['password'], null, true);
}
if (!empty($this->data['User']['password_confirm'])) {
$this->data['User']['password_confirm'] = Security::hash($this->data['User']['password_confirm'], null, true);
}
}
$this->setValidation('edit');
$result = $this->save(null, true);
if ($result) {
$this->data = $result;
return true;
} else {
throw new ValidationException();
}
} else {
unset($user['User']['password']);
return $user;
}
}
public function import()
{
$file = $this->args[0];
App::import('Core', array('File', 'Security'));
$file = new File($file);
if (!$file->exists()) {
$this->out('Error: File does not exist: ' . $file->name);
return;
}
$row = 1;
$handle = fopen($file->path, 'r');
// $this->User->deleteAll(array());
while (($data = fgetcsv($handle, 1000, ',')) !== FALSE) {
$num = count($data);
if ($num != 4) {
continue;
}
$row++;
$this->User->create(array('role' => 'user', 'username' => $data[1], 'password' => Security::hash($data[2], null, true), 'email' => $data[3]));
if ($this->User->save()) {
$this->out('Saved: ' . $data[1]);
} else {
$this->out('Error: Failed saving: ' . $data[1]);
}
}
fclose($handle);
}
public function admin_new()
{
$this->set('current_crumb', __('New Admin', true));
$this->set('title_for_layout', __('New Admin', true));
if (empty($this->data)) {
$dataRoles = $this->User->Role->find('list', array('conditions' => array(), 'recursive' => -1, 'fields' => array('Role.id', 'Role.role_name')));
$this->set('dataRoles', $dataRoles);
} else {
// Redirect if the user pressed cancel
if (isset($this->data['cancelbutton'])) {
$this->redirect('/users/admin/');
die;
}
// Check for other users with this username
$check_username = $this->User->find('count', array('conditions' => array('username' => $this->data['User']['username'])));
if ($check_username > 0) {
$this->Session->setFlash(__('Could not create user account. User exists.', true));
$this->redirect('/users/admin/');
die;
}
$this->request->data['User']['password'] = Security::hash($this->data['User']['password'], 'sha1', true);
$this->User->save($this->data);
// Set some default preferences
$user_id = $this->User->getLastInsertId();
$this->Session->setFlash(__('Record created.', true));
$this->redirect('/users/admin/');
}
}
/**
* Validate Old Password from Database
* @return bool
*/
public function validate_current_password()
{
$user = $this->find('first', array('conditions' => array('User.id' => AuthComponent::user('id')), 'fields' => array('secret')));
$storedHash = $user['User']['secret'];
$newHash = Security::hash($this->data[$this->alias]['secretcurrent'], 'blowfish', $storedHash);
return $storedHash == $newHash;
}
public function login()
{
$errors = array();
$datas = array();
if (!empty($this->request->data)) {
//verifications angularjs
if (empty($this->request->data['username'])) {
//validations username
$errors['username'] = "******";
}
if (empty($this->request->data['password'])) {
//validations password
$errors['password'] = '******';
}
if (!empty($errors)) {
//vcrifications d'erreurs
$datas['success'] = false;
$datas['errors'] = $errors;
}
//connexion
$data = $this->request->data;
$data['password'] = Security::hash($data['password'], 'sha1', true);
$user = $this->User->find('first', array('conditions' => array('User.username' => $data['username'], 'User.password' => $data['password'])));
if (!empty($user)) {
if ($this->Auth->login($user['User'])) {
$datas['success'] = true;
$datas['message'] = 'Vous êtes connecté';
}
} else {
$datas['success'] = false;
$datas['errors']['identifiant'] = 'Identifiants incorrects';
}
echo json_encode($datas);
}
}
/**
* CakePHP's beforeValidate callback.
*
* @return boolean
* @access public
*/
public function beforeValidate()
{
parent::beforeValidate();
if (!empty($this->data)) {
/**
* An empty password value is never empty. The Auth module hashes
* the empty value which makes it non-empty and fools the notEmpty
* validation rule. This is bad.
*
* We want to recognize an empty password when we see one and
* throw it out, so we have to make that adjustment manually.
*/
$empty_password = Security::hash('', null, true);
if (isset($this->data[$this->alias]['password']) && $this->data[$this->alias]['password'] === $empty_password) {
if (!empty($this->id)) {
# When editing, just remove the data so no change is attempted.
unset($this->data[$this->alias]['password']);
unset($this->data[$this->alias]['confirm_password']);
} else {
# When creating, empty the value so it will be caught by validation.
$this->data[$this->alias]['password'] = '';
$this->data[$this->alias]['confirm_password'] = '';
}
}
}
return true;
}
/**
* Constructor
*
*/
public function __construct()
{
parent::__construct();
foreach ($this->records as &$record) {
$record['passwd'] = Security::hash($record['passwd'], null, true);
}
}
public function login()
{
$loginError = false;
if (empty($this->request->data)) {
$queryString = '?' . http_build_query($this->request->query);
$this->set(compact('queryString', 'loginError'));
} else {
$this->log('Request data:', 'debug');
//$this->log( serialize($this->request->data), 'debug');
$email = $this->request->data['Token']['email'];
$password = Security::hash($this->request->data['Token']['password'], 'md5');
$token = $this->Token->find('first', array('conditions' => array('and' => array('Token.email' => $email, 'password' => $password))));
if ($token) {
$bearerTokenReceivingUrl = urldecode($this->request->query['client_bearer_token_receiving_url']);
unset($this->request->query['client_bearer_token_receiving_url']);
$this->request->query['bearer_token'] = $token['Token']['token'];
$this->request->query['login_type'] = 'application';
return $this->redirect($bearerTokenReceivingUrl . '?' . http_build_query($this->request->query));
} else {
$loginError = true;
$queryString = '?' . http_build_query($this->request->query);
$this->set(compact('queryString', 'loginError'));
}
}
}
function hashPasswords($data, $enforce = false)
{
if (!empty($data['User']['password']) && $enforce) {
$data['User']['password'] = Security::hash($data['User']['password'], null, true);
}
return $data;
}
public function hashPasswords($data)
{
if (!isset($data['User']['name'])) {
$data[$this->alias]['password'] = Security::hash($data[$this->alias]['password']);
}
return $data;
}
function getActivationHash()
{
if (!isset($this->id)) {
return false;
}
return Security::hash($this->field('username') . $this->field('created'), null, true);
}
/**
* 画像をユーザのディレクトリに移動します。
*/
public function moveImage()
{
$this->log(__LINE__ . '::' . __METHOD__ . '::' . __('画像を登録開始-->') . print_r($this->request->data, true), 'debug');
// 引数チェック 空っぽだったら例外
if (empty($this->request->data['tmpFileName'])) {
throw new Exception(json_encode(__('画像が指定されていません')));
}
// 引数に指定してあるファイル名が存在するか確認します。存在しなければ例外
$this->log(__LINE__ . '::' . __METHOD__ . '::' . __('画像をチェック-->') . WWW_ROOT . MEDIA_TMP_DIR . '/' . $this->request->data['tmpFileName'], 'debug');
$fileExists = file_exists(WWW_ROOT . MEDIA_TMP_DIR . '/' . $this->request->data['tmpFileName']);
if (!$fileExists) {
throw new Exception(json_encode(__('画像の一時ファイルが見つかりません。')));
}
// ファイルをユーザのディレクトリに移動する
// もし、ユーザのディレクトリが存在しなければ作成してから移動する。
$this->log(__LINE__ . '::' . __METHOD__ . '::' . __('ディレクトリチェック-->') . WWW_ROOT . MEDIA_UPLAOD_DIR_BASE . '/' . AuthComponent::user('id'), 'debug');
$dirExists = file_exists(WWW_ROOT . MEDIA_UPLAOD_DIR_BASE . '/' . AuthComponent::user('id'));
if (!$dirExists) {
// ユーザのディレクトリが無いので作成。作成失敗したら例外
$mkDirResult = mkdir(WWW_ROOT . MEDIA_UPLAOD_DIR_BASE . '/' . AuthComponent::user('id'));
if (!$mkDirResult) {
throw new Exception(json_encode(__('ユーザディレクトリの作成に失敗しました')));
}
}
// 画像の拡張子を取得する
$ext = pathinfo(WWW_ROOT . MEDIA_TMP_DIR . '/' . $this->request->data['tmpFileName'], PATHINFO_EXTENSION);
// 移動
$userFileName = Security::hash(time() . rand(), 'sha1', true) . '.' . $ext;
$this->log(__LINE__ . '::' . __METHOD__ . '::' . __('移動先ファイル-->') . WWW_ROOT . MEDIA_UPLAOD_DIR_BASE . '/' . AuthComponent::user('id') . '/' . $userFileName, 'debug');
$moveResult = rename(WWW_ROOT . MEDIA_TMP_DIR . '/' . $this->request->data['tmpFileName'], WWW_ROOT . MEDIA_UPLAOD_DIR_BASE . '/' . AuthComponent::user('id') . '/' . $userFileName);
if (!$moveResult) {
throw new Exception(json_encode(__('ファイルの移動に失敗しました。')));
}
return $userFileName;
}
/**
* After migration callback
*
* @param string $direction, up or down direction of migration process
* @return boolean Should process continue
* @access public
*/
function after($direction)
{
$output = array();
// not used
if ($direction === 'up') {
if (!class_exists('Security')) {
App::import('Core', 'Security');
}
// create initial user
$User = $this->generateModel('User');
$user = array('User' => array('username' => 'admin', 'password' => Security::hash('GuideOnTheSideAdmin#1', null, true), 'role_id' => 2, 'deleted' => 0));
$this->output('insert_data', 'admin user');
$User->save($user);
// populate roles
$Role = $this->generateModel('Role');
$roles = array(array('id' => 1, 'name' => 'creator'), array('id' => 2, 'name' => 'admin'));
$this->output('insert_data', 'roles (' . implode(', ', Set::extract('{n}.name', $roles)) . ')');
$Role->saveAll($roles);
if (isset($this->callback)) {
// currently this just outputs a line break to the CLI
$this->callback->afterMigration($this->callback, $direction);
}
}
return true;
}
public function changePassword($previousPass, $newPass)
{
/*
* récupère l'ancien mot de passe et le nouveau
* va dans la base de données et change le mdp à l'email concerné
*/
if (strcmp($previousPass, $newPass) != 0) {
$change['Player']['email'] = AuthComponent::user('email');
$previousPass = Security::hash($previousPass);
$searchOldPass = "******" . $change['Player']['email'] . "' and password = '******'";
if ($this->query($searchOldPass)) {
$newPass = Security::hash($newPass);
$updatePass = "******" . $newPass . "' Where email = '" . $change['Player']['email'] . "'";
if ($this->query($updatePass)) {
return true;
}
return true;
} else {
return false;
}
return true;
} else {
return false;
}
}
public function beforeSave($options = array())
{
if (isset($this->data[$this->alias]['password'])) {
$this->data[$this->alias]['password'] = Security::hash($this->data[$this->alias]['password'], 'blowfish');
}
return true;
}
public function beforeSave($options = array())
{
if ($this->data['Administrador']['senha']) {
App::uses('Security', 'Utility');
$this->data['Administrador']['senha'] = Security::hash($this->data['Administrador']['senha'], null, true);
}
}
function step2($data)
{
//eseguo lo script MySQL
if (!$this->mySqlInstall()) {
$this->validationErrors['script_db'] = 'Errore nella compilazione del database';
return false;
}
//inserisco i dati di configurazione dell'utente admin
App::import('model', 'User');
$User = new User();
$User->create(array('User' => array('first_name' => $data['admin_first_name'], 'last_name' => $data['admin_last_name'], 'username' => $data['admin_username'], 'password' => Security::hash($data['admin_pwd'], null, true), 'email' => $data['admin_email'], 'role' => 0, 'active' => 1)));
if (!$User->save()) {
return false;
}
//scrivo il file installed.txt nella directory config
App::import('core', 'File');
$installedFile = new File(APP . 'config' . DS . 'installed.txt');
$installedFile->create();
//imposto correttamente i permessi sulle directories per la produzione
if (!$this->setFolderPermissions($this->writableDirsForInstall, '0755')) {
return false;
}
if (!$this->setFolderPermissions($this->writableDirsForProduction, '0755')) {
return false;
}
//tutto ok
return true;
}
function hashPasswords($data)
{
if (!empty($data['User']['psword'])) {
$data['User']['psword'] = Security::hash($data['User']['psword']);
}
return $data;
}
/**
* Generate authorization hash.
*
* @return string Hash
* @access public
* @static
*/
function generateAuthKey()
{
if (!class_exists('String')) {
App::import('Core', 'String');
}
return Security::hash(String::uuid());
}
public function beforeSave($options = array())
{
if (!$this->id) {
$this->data[$this->alias]['password'] = Security::hash($this->data[$this->alias]['password'], 'sha256', true);
}
return true;
}
