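 /**
  * Set up this controller.
  *
  * Only users whose permission level is "autor", "tutor" or "dozent" may
  * use this controller; everybody else is rejected before any action runs.
  *
  * @param String $action Name of the action to be invoked
  * @param Array  $args   Arguments to be passed to the action method
  *
  * @throws AccessDeniedException if the current user's permission level is
  *                               not one of autor/tutor/dozent
  */
 public function before_filter(&$action, &$args)
 {
     parent::before_filter($action, $args);

     // Access control comes first: nothing below may run for unauthorized
     // users. Strict comparison so only an exact permission string matches.
     if (!in_array($this->user->perms, words('autor tutor dozent'), true)) {
         throw new AccessDeniedException();
     }

     PageLayout::setHelpKeyword('Basis.HomepageUniversitäreDaten');
     PageLayout::setTitle(_('Studiengang bearbeiten'));
     Navigation::activateItem('/profile/edit/studies');
     SkipLinks::addIndex(_('Fächer und Abschlüsse auswählen'), 'select_fach_abschluss');
     SkipLinks::addIndex(_('Zu Einrichtungen zuordnen'), 'select_institute');

     // Self-assignment of a study course is possible only when the auth
     // plugin does not own the field AND (config allows it OR user is admin);
     // institute assignment needs config permission OR admin rights.
     $is_admin  = $GLOBALS['perm']->have_perm('admin');
     $sg_locked = StudipAuthAbstract::CheckField('studiengang_id', $this->user->auth_plugin);
     $this->allow_change = array(
         'sg' => !$sg_locked && (Config::get()->ALLOW_SELFASSIGN_STUDYCOURSE || $is_admin),
         'in' => Config::get()->ALLOW_SELFASSIGN_INSTITUTE || $is_admin,
     );
 }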
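    /**
     * Authenticates the current request via HTTP Basic credentials.
     *
     * Reads PHP_AUTH_USER / PHP_AUTH_PW from $_SERVER and checks them with
     * StudipAuthAbstract::CheckAuthentication().
     *
     * @return string|false the authenticated user id, or false when no
     *                      Basic credentials were sent with the request
     * @throws Exception with code 401 when credentials were sent but were
     *                   rejected (message is the auth error, tags stripped)
     */
    public static function verify()
    {
        // No credentials at all is not an error here: the caller decides how
        // an anonymous request is handled.
        if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
            return false;
        }

        $check = StudipAuthAbstract::CheckAuthentication(
            $_SERVER['PHP_AUTH_USER'],
            $_SERVER['PHP_AUTH_PW']
        );

        // A missing/empty uid or the anonymous pseudo-user 'nobody' both mean
        // the credentials were rejected; compare strictly, no type juggling.
        if (empty($check['uid']) || $check['uid'] === 'nobody') {
            throw new Exception(trim(strip_tags($check['error'])), 401);
        }

        return $check['uid'];
    }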
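 /**
  * Handles the download of the calendar data as iCalendar for the
  * user identified by $key.
  *
  * Without a key the request is authenticated via HTTP Basic
  * (PHP_AUTH_USER / PHP_AUTH_PW). Responds with 401 when the credentials
  * are missing or rejected, 400 when the key does not resolve to a user
  * and 500 when the export reports a critical error.
  *
  * @global Seminar_User $user
  * @global Seminar_Perm $perm
  * @param string $key export key identifying the user (optional)
  */
 function index_action($key = '')
 {
     $user_id = false;

     if (strlen($key)) {
         $user_id = IcalExport::getUserIdByKey($key);
     } else {
         // Read the Basic credentials defensively; either header may be absent.
         $username = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
         $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
         $result = null;
         if ($username !== null && $password !== null) {
             $result = StudipAuthAbstract::CheckAuthentication($username, $password);
         }
         // 'nobody' is the anonymous pseudo-user and counts as a failed login,
         // as the other Basic-auth checks in this code base treat it.
         if ($result !== null && $result['uid'] !== false && $result['uid'] !== 'nobody') {
             $user_id = $result['uid'];
         } else {
             $this->response->add_header('WWW-Authenticate', 'Basic realm="Stud.IP Login"');
             $this->set_status(401);
             $this->render_text('authentication failed');
             return;
         }
     }

     if ($user_id) {
         $GLOBALS['user'] = new Seminar_User($user_id);
         $GLOBALS['perm'] = new Seminar_Perm();

         $export = new CalendarExport(new CalendarWriterICalendar());
         // All events from four weeks ago up to a fixed far-future timestamp
         $export->exportFromDatabase($user_id, strtotime('-4 week'), 2114377200, 'ALL_EVENTS');
         if ($GLOBALS['_calendar_error']->getMaxStatus(ErrorHandler::ERROR_CRITICAL)) {
             $this->set_status(500);
             $this->render_nothing();
             return;
         }

         $content = join($export->getExport());

         // Private/confidential entries are relabelled as public for the
         // Google Calendar client (presumably it would drop them otherwise —
         // confirm). NOTE: this decision rests on the client-supplied
         // User-Agent header, which any caller can set.
         $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         if (stripos($user_agent, 'google-calendar') !== false) {
             $content = str_replace(array('CLASS:PRIVATE', 'CLASS:CONFIDENTIAL'), 'CLASS:PUBLIC', $content);
         }

         $this->response->add_header('Content-Type', 'text/calendar;charset=utf-8');
         $this->response->add_header('Content-Disposition', 'attachment; filename="studip.ics"');
         $this->response->add_header('Content-Transfer-Encoding', 'binary');
         $this->response->add_header('Pragma', 'public');
         $this->response->add_header('Cache-Control', 'private');
         // strlen() is intentional: Content-Length is a byte count
         $this->response->add_header('Content-Length', strlen($content));
         $this->render_text($content);
     } else {
         // Unknown key. The original author considered a delayed response
         // against brute-forcing keys; no delay is implemented here.
         $this->set_status(400);
         $this->render_nothing();
     }
 }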
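 /**
  * Logs a user in with the credentials posted to the login form.
  *
  * On success a session is started for the authenticated user and the
  * browser is redirected to "quickdial"; otherwise it is sent back to
  * "session/new" with a notice.
  */
 function create_action()
 {
     $username = strtolower(Request::get("username"));
     $password = Request::get("password");

     // Request::get() yields null for an absent parameter. strtolower(null)
     // is always a string, so only the password tells whether the form was
     // actually submitted; do not ask the backend without it.
     $result = null;
     if ($password !== null) {
         $result = StudipAuthAbstract::CheckAuthentication($username, $password);
     }
     // An empty uid or the anonymous pseudo-user 'nobody' is a rejection
     if ($result === null || empty($result['uid']) || $result['uid'] === 'nobody') {
         $this->flash["notice"] = "login unsuccessful!";
         $this->redirect("session/new");
         return;
     }

     // Start the session for the id the auth backend vouched for, rather
     // than re-resolving the lower-cased username (which could miss and
     // previously still reported "login successful!").
     $this->start_session($result['uid']);
     $this->flash["notice"] = "login successful!";
     $this->redirect("quickdial");
 }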
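 /**
  * Stores the account information of a user.
  *
  * Reads the posted form values, applies every change the user is allowed
  * to make (see shallChange()), collects success / info / error messages
  * and redirects back to the account settings. Changing the username
  * forces a new login, in which case the redirect goes to the logout
  * action carrying a one-time token.
  */
 public function store_action()
 {
     $this->check_ticket();
     $errors = $info = $success = array();
     $logout = false;

     // First the "unimportant" data: gender and titles
     $geschlecht = Request::int('geschlecht');
     if ($this->shallChange('user_info.geschlecht', 'gender', $geschlecht)) {
         $this->user->geschlecht = $geschlecht;
     }
     $title_front = Request::get('title_front') ?: Request::get('title_front_chooser');
     if ($this->shallChange('user_info.title_front', 'title', $title_front)) {
         $this->user->title_front = $title_front;
     }
     $title_rear = Request::get('title_rear') ?: Request::get('title_rear_chooser');
     if ($this->shallChange('user_info.title_rear', 'title', $title_rear)) {
         $this->user->title_rear = $title_rear;
     }
     if ($this->user->store()) {
         $success[] = _('Ihre persönlichen Daten wurden geändert.');
         // Inform the user about this change, in the user's own language
         setTempLanguage($this->user->user_id);
         $this->postPrivateMessage(_("Ihre persönlichen Daten wurden geändert.\n"));
         restoreLanguage();
     }

     // Only needed when the user edits his or her own data
     if (!$this->restricted) {
         // First name changed?
         $vorname = trim(Request::get('vorname'));
         if ($this->shallChange('auth_user_md5.Vorname', 'name', $vorname)) {
             // First name missing or not valid
             if (!$this->validator->ValidateName($vorname)) {
                 $errors[] = _('Der Vorname fehlt oder ist unsinnig!');
             } else {
                 $this->user->Vorname = $vorname;
                 $success[] = _('Ihr Vorname wurde geändert!');
             }
         }
         // Last name changed?
         $nachname = trim(Request::get('nachname'));
         if ($this->shallChange('auth_user_md5.Nachname', 'name', $nachname)) {
             // Last name missing or not valid
             if (!$this->validator->ValidateName($nachname)) {
                 $errors[] = _('Der Nachname fehlt oder ist unsinnig!');
             } else {
                 $this->user->Nachname = $nachname;
                 $success[] = _('Ihr Nachname wurde geändert!');
             }
         }
         // Username
         $new_username = trim(Request::get('new_username'));
         if ($this->shallChange('auth_user_md5.username', 'username', $new_username)) {
             if (!$this->validator->ValidateUsername($new_username)) {
                 $errors[] = _('Der gewählte Benutzername ist nicht lang genug!');
             } else {
                 // The uniqueness check must be a separate statement: writing
                 // "$x = call() && $x['found']" binds as "$x = (call() && ...)"
                 // and never looks at the 'found' flag, so duplicate
                 // usernames were accepted.
                 $check_uname = StudipAuthAbstract::CheckUsername($new_username);
                 if (!empty($check_uname['found'])) {
                     $errors[] = _('Der Benutzername wird bereits von einem anderen Benutzer verwendet. Bitte wählen Sie einen anderen Usernamen!');
                 } else {
                     $this->user->username = $new_username;
                     $success[] = _('Ihr Benutzername wurde geändert!');
                     URLHelper::addLinkParam('username', $this->user->username);
                     // A changed username requires a fresh login
                     $logout = true;
                 }
             }
         }
         // Email
         $email1 = trim(Request::get('email1'));
         $email2 = trim(Request::get('email2'));
         if ($this->shallChange('auth_user_md5.Email', 'email', $email1)) {
             // Changing the address requires the current password; SSO
             // accounts are exempt from that check
             $auth = StudipAuthAbstract::GetInstance($this->user->auth_plugin ?: 'standard');
             $is_sso = $auth instanceof StudipAuthSSO;
             if (!$is_sso && !$auth->isAuthenticated($this->user->username, Request::get('password'))) {
                 $errors[] = _('Das aktuelle Passwort wurde nicht korrekt eingegeben.');
             } elseif ($email1 !== $email2) {
                 $errors[] = _('Die Wiederholung der E-Mail-Adresse stimmt nicht mit Ihrer Eingabe überein.');
             } else {
                 // edit_email() returns array(bool $ok, string $messages); the
                 // messages string is a "type§text§..." sequence
                 $result = edit_email($this->user, $email1);
                 $messages = explode('§', $result[1]);
                 if ($result[0]) {
                     $this->user->Email = $email1;
                     if (count($messages) < 2) {
                         $success[] = _('Ihre E-Mail-Adresse wurde geändert!');
                     }
                 }
                 // Sort the reported messages into the matching bucket. The
                 // trailing separator leaves an incomplete pair at the end,
                 // which must not be read (undefined offset).
                 for ($i = 0; isset($messages[$i + 1]); $i += 2) {
                     $type = $messages[$i];
                     $text = $messages[$i + 1];
                     if ($type === 'msg') {
                         $success[] = $text;
                     } elseif ($type === 'error') {
                         $errors[] = $text;
                     } elseif ($type !== '') {
                         // anything else (e.g. 'info') is shown as information
                         // instead of being dropped into an unrelated variable
                         $info[] = $text;
                     }
                 }
             }
         }
     }

     if (count($errors) > 0) {
         $this->reportErrorWithDetails(_('Bitte überprüfen Sie Ihre Eingaben:'), $errors);
     } elseif ($this->user->store()) {
         $this->reportSuccessWithDetails(_('Ihre Nutzerdaten wurden geändert.'), $success);
         if (count($info) > 0) {
             $this->reportInfoWithDetails(_('Bitte beachten Sie:'), $info);
         }
     }

     if ($logout) {
         // Token handed to the logout action via flash. NOTE(review):
         // uniqid() is not unpredictable; if the logout action relies on this
         // token to reject forged requests, a random_bytes()-based value is
         // the appropriate choice — confirm against the logout action.
         $token = uniqid('logout', true);
         $this->flash['logout-token'] = $token;
         $this->redirect('settings/account/logout?token=' . $token);
     } else {
         $this->redirect('settings/account');
     }
 }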
 /**
  * Displays the user domain settings of a user.
  *
  * Editing is possible only when the field is not controlled by the
  * user's auth plugin and the current user holds admin permission.
  */
 public function index_action()
 {
     $this->allow_change = false;
     $locked_by_plugin = StudipAuthAbstract::CheckField("userdomain_id", $this->user->auth_plugin);
     if (!$locked_by_plugin) {
         $this->allow_change = (bool) $GLOBALS['perm']->have_perm('admin');
     }
 }
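 /**
  * Checks the credentials of a user.
  *
  * @param string $api_key  the api key (unused in this action; presumably
  *                         validated by the surrounding web service layer —
  *                         confirm)
  * @param string $username the user's username
  * @param string $password the user's password
  *
  * @return bool|Studip_Ws_Fault TRUE if authentication was successful,
  *                              a fault carrying the auth error otherwise
  */
 function check_credentials_action($api_key, $username, $password)
 {
     // Read the result by key; array_values() destructuring silently
     // depended on the element order of CheckAuthentication()'s array.
     $check = StudipAuthAbstract::CheckAuthentication($username, $password);

     // An empty uid or the anonymous pseudo-user 'nobody' is a rejection
     if (empty($check['uid']) || $check['uid'] === 'nobody') {
         $error_msg = isset($check['error']) ? $check['error'] : '';
         return new Studip_Ws_Fault(strip_tags($error_msg));
     }

     return true;
 }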
            </label>
        </td>
    </tr>
</tbody>

<? if (in_array($user['perms'], words('autor tutor dozent'))) : ?>
<tbody>
    <tr class="header-row">
        <th colspan="3" class="toggle-indicator">
            <a class="toggler"><b><?php 
echo _('Studiendaten');
?>
</b></a>
        </th>
    </tr>
    <? if (!StudipAuthAbstract::CheckField('studiengang_id', $auth_plugin)) : ?>
    <tr>
        <td>
            <label for="new_studiengang"><?php 
echo _('Neuer Studiengang');
?>
</label>
        </td>
        <td colspan="2">
            <? $about->select_studiengang() ?>
            <? $about->select_abschluss() ?>
            <select name="fachsem">
            <? for ($s=1; $s < 51; $s++) : ?>
                <option><?php 
echo $s;
?>
require '../lib/bootstrap.php';
page_open(array("sess" => "Seminar_Session", "auth" => "Seminar_Default_Auth", "perm" => "Seminar_Perm", "user" => "Seminar_User"));
require_once 'lib/messaging.inc.php';
//nur wenn wir angemeldet sind sollten wir dies tun!
if ($auth->auth["uid"] != "nobody") {
    $sms = new messaging();
    $my_messaging_settings = UserConfig::get($user->id)->MESSAGING_SETTINGS;
    //Wenn Option dafuer gewaehlt, alle ungelsesenen Nachrichten als gelesen speichern
    if ($my_messaging_settings["logout_markreaded"]) {
        $sms->set_read_all_messages();
    }
    $logout_user = $user->id;
    // TODO this needs to be generalized or removed
    //erweiterung cas
    if ($auth->auth["auth_plugin"] == "cas") {
        $casauth = StudipAuthAbstract::GetInstance('cas');
        $docaslogout = true;
    }
    //Logout aus dem Sessionmanagement
    $auth->logout();
    $sess->delete();
    page_close();
    //Session changed zuruecksetzen
    $timeout = time() - 15 * 60;
    $user->set_last_action($timeout);
    //der logout() Aufruf fuer CAS (dadurch wird das Cookie (Ticket) im Browser zerstoert)
    if ($docaslogout) {
        $casauth->logout();
    }
} else {
    $sess->delete();
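 /**
  * Change an existing studip user according to the given parameters
  *
  * Permission checks come first (who may modify admin/root accounts), then
  * consistency checks (sole lecturer of active courses, institute admin,
  * username validity/uniqueness, reachable email). Messages for the caller
  * are appended to $this->msg as "type§text§" pairs with type msg, info or
  * error. Raising a user to admin/root removes course, waiting-list,
  * study-course and appointment data and (for admin/root) institute
  * memberships.
  *
  * @access   public
  * @param    array   structure: array('string table_name.field_name'=>'string value')
  * @return   bool Change successful?
  */
 function changeUser($newuser)
 {
     global $perm;
     // Do we have permission to do so?
     if (!$perm->have_perm("admin")) {
         $this->msg .= "error§" . _("Sie haben keine Berechtigung Accounts zu verändern.") . "§";
         return FALSE;
     }
     if (!$perm->is_fak_admin() && $newuser['auth_user_md5.perms'] == "admin") {
         $this->msg .= "error§" . _("Sie haben keine Berechtigung, <em>Admin-Accounts</em> anzulegen.") . "§";
         return FALSE;
     }
     if (!$perm->have_perm("root") && $newuser['auth_user_md5.perms'] == "root") {
         $this->msg .= "error§" . _("Sie haben keine Berechtigung, <em>Root-Accounts</em> anzulegen.") . "§";
         return FALSE;
     }
     // Non-root callers may not touch root accounts, and admin accounts only
     // as faculty admin with adminOK() agreeing
     if (!$perm->have_perm("root")) {
         if (!$perm->is_fak_admin() && $this->user_data['auth_user_md5.perms'] == "admin") {
             $this->msg .= "error§" . _("Sie haben keine Berechtigung <em>Admin-Accounts</em> zu verändern.") . "§";
             return FALSE;
         }
         if ($this->user_data['auth_user_md5.perms'] == "root") {
             $this->msg .= "error§" . _("Sie haben keine Berechtigung <em>Root-Accounts</em> zu verändern.") . "§";
             return FALSE;
         }
         if ($perm->is_fak_admin() && $this->user_data['auth_user_md5.perms'] == "admin") {
             if (!$this->adminOK()) {
                 $this->msg .= "error§" . _("Sie haben keine Berechtigung diesen Admin-Account zu verändern.") . "§";
                 return FALSE;
             }
         }
     }
     // active dozent? (ignore the studygroup guys)
     $status = studygroup_sem_types();
     if (empty($status)) {
         $count = 0;
     } else {
         // NOTE(review): $status is an array bound to the single "NOT IN (?)"
         // placeholder; this relies on DBManager expanding array parameters —
         // confirm, plain PDO would not.
         $query = "SELECT COUNT(*)\n                      FROM seminar_user AS su\n                          LEFT JOIN seminare AS s USING (Seminar_id)\n                      WHERE su.user_id = ?\n                          AND s.status NOT IN (?)\n                          AND su.status = 'dozent'\n                          AND (SELECT COUNT(*) FROM seminar_user su2 WHERE Seminar_id = su.Seminar_id AND su2.status = 'dozent') = 1\n                      GROUP BY user_id";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($this->user_data['auth_user_md5.user_id'], $status));
         $count = $statement->fetchColumn();
     }
     if ($count && isset($newuser['auth_user_md5.perms']) && $newuser['auth_user_md5.perms'] != "dozent") {
         $this->msg .= sprintf("error§" . _("Der Benutzer <em>%s</em> ist alleiniger Dozent in %s aktiven Veranstaltungen und kann daher nicht in einen anderen Status versetzt werden!") . "§", $this->user_data['auth_user_md5.username'], $count);
         return FALSE;
     }
     // active admin?
     if ($this->user_data['auth_user_md5.perms'] == 'admin' && $newuser['auth_user_md5.perms'] != 'admin') {
         // count number of institutes where the user is admin
         $query = "SELECT COUNT(*)\n                      FROM user_inst\n                      WHERE user_id = ? AND inst_perms = 'admin'\n                      GROUP BY Institut_id";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($this->user_data['auth_user_md5.user_id']));
         // if there are institutes with admin-perms, add error-message and deny change
         if ($count = $statement->fetchColumn()) {
             $this->msg .= sprintf('error§' . _("Der Benutzer <em>%s</em> ist Admin in %s Einrichtungen und kann daher nicht in einen anderen Status versetzt werden!") . '§', $this->user_data['auth_user_md5.username'], $count);
             return false;
         }
     }
     // Is the username correct?
     if (isset($newuser['auth_user_md5.username'])) {
         if ($this->user_data['auth_user_md5.username'] != $newuser['auth_user_md5.username']) {
             if (!$this->validator->ValidateUsername($newuser['auth_user_md5.username'])) {
                 $this->msg .= "error§" . _("Der gewählte Benutzername ist zu kurz oder enthält unzulässige Zeichen!") . "§";
                 return FALSE;
             }
             $check_uname = StudipAuthAbstract::CheckUsername($newuser['auth_user_md5.username']);
             if ($check_uname['found']) {
                 $this->msg .= "error§" . _("Der Benutzername wird bereits von einem anderen Benutzer verwendet. Bitte wählen Sie einen anderen Benutzernamen!") . "§";
                 return false;
             }
         } else {
             // unchanged username: drop it so it is not treated as a change below
             unset($newuser['auth_user_md5.username']);
         }
     }
     // Can we reach the email?
     if (isset($newuser['auth_user_md5.Email'])) {
         if (!$this->checkMail($newuser['auth_user_md5.Email'])) {
             return FALSE;
         }
     }
     // Store changed values in internal array if allowed: any field owned by
     // the auth plugin rejects the whole change
     $old_perms = $this->user_data['auth_user_md5.perms'];
     $auth_plugin = $this->user_data['auth_user_md5.auth_plugin'];
     foreach ($newuser as $key => $value) {
         if (!StudipAuthAbstract::CheckField($key, $auth_plugin)) {
             $this->user_data[$key] = $value;
         } else {
             $this->msg .= "error§" . sprintf(_("Das Feld <em>%s</em> können Sie nicht ändern!"), $key) . "§";
             return FALSE;
         }
     }
     if (!$this->storeToDatabase()) {
         $this->msg .= "info§" . _("Es wurden keine Veränderungen der Grunddaten vorgenommen.") . "§";
         return false;
     }
     $this->msg .= "msg§" . sprintf(_("Benutzer \"%s\" verändert."), $this->user_data['auth_user_md5.username']) . "§";
     if ($auth_plugin !== null) {
         // Automated entering new users, based on their status (perms)
         $result = AutoInsert::instance()->saveUser($this->user_data['auth_user_md5.user_id'], $newuser['auth_user_md5.perms']);
         foreach ($result['added'] as $item) {
             $this->msg .= "msg§" . sprintf(_("Das automatische Eintragen in die Veranstaltung <em>%s</em> wurde durchgeführt."), $item) . "§";
         }
         foreach ($result['removed'] as $item) {
             $this->msg .= "msg§" . sprintf(_("Das automatische Austragen aus der Veranstaltung <em>%s</em> wurde durchgeführt."), $item) . "§";
         }
         // include language-specific subject and mailbody: the included file
         // defines $subject and $mailbody (and reads $Zeit); the path segment
         // comes from getUserLanguagePath(), which is expected to return a
         // vetted language identifier
         $user_language = getUserLanguagePath($this->user_data['auth_user_md5.user_id']);
         $Zeit = date("H:i:s, d.m.Y", time());
         include "locale/{$user_language}/LC_MAILS/change_mail.inc.php";
         // send mail
         StudipMail::sendMessage($this->user_data['auth_user_md5.Email'], $subject, $mailbody);
     }
     // Upgrade to admin or root?
     if ($newuser['auth_user_md5.perms'] == "admin" || $newuser['auth_user_md5.perms'] == "root") {
         $this->re_sort_position_in_seminar_user();
         // delete all seminar entries
         $query = "SELECT seminar_id FROM seminar_user WHERE user_id = ?";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($this->user_data['auth_user_md5.user_id']));
         $seminar_ids = $statement->fetchAll(PDO::FETCH_COLUMN);
         $query = "DELETE FROM seminar_user WHERE user_id = ?";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($this->user_data['auth_user_md5.user_id']));
         if (($db_ar = $statement->rowCount()) > 0) {
             $this->msg .= "info§" . sprintf(_("%s Einträge aus Veranstaltungen gelöscht."), $db_ar) . "§";
             array_map('update_admission', $seminar_ids);
         }
         // delete all entries from waiting lists
         $query = "SELECT seminar_id FROM admission_seminar_user WHERE user_id = ?";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($this->user_data['auth_user_md5.user_id']));
         $seminar_ids = $statement->fetchAll(PDO::FETCH_COLUMN);
         $query = "DELETE FROM admission_seminar_user WHERE user_id = ?";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($this->user_data['auth_user_md5.user_id']));
         if (($db_ar = $statement->rowCount()) > 0) {
             $this->msg .= "info§" . sprintf(_("%s Einträge aus Wartelisten gelöscht."), $db_ar) . "§";
             array_map('update_admission', $seminar_ids);
         }
         // delete 'Studiengaenge'
         $query = "DELETE FROM user_studiengang WHERE user_id = ?";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($this->user_data['auth_user_md5.user_id']));
         if (($db_ar = $statement->rowCount()) > 0) {
             $this->msg .= "info§" . sprintf(_("%s Zuordnungen zu Studiengängen gelöscht."), $db_ar) . "§";
         }
         // delete all private appointments of this user. Assignment and
         // comparison are kept separate: "$x = f() > 0" stores the boolean,
         // so the message always reported "1" deleted entries.
         $db_ar = delete_range_of_dates($this->user_data['auth_user_md5.user_id'], FALSE);
         if ($db_ar > 0) {
             $this->msg .= "info§" . sprintf(_("%s Einträge aus den Terminen gelöscht."), $db_ar) . "§";
         }
     }
     if ($newuser['auth_user_md5.perms'] == "admin") {
         $this->logInstUserDel($this->user_data['auth_user_md5.user_id'], "inst_perms != 'admin'");
         $query = "DELETE FROM user_inst WHERE user_id = ? AND inst_perms != 'admin'";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($this->user_data['auth_user_md5.user_id']));
         if (($db_ar = $statement->rowCount()) > 0) {
             $this->msg .= "info§" . sprintf(_("%s Einträge aus MitarbeiterInnenlisten gelöscht."), $db_ar) . "§";
         }
     }
     if ($newuser['auth_user_md5.perms'] == "root") {
         $this->logInstUserDel($this->user_data['auth_user_md5.user_id']);
         $query = "DELETE FROM user_inst WHERE user_id = ?";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array($this->user_data['auth_user_md5.user_id']));
         if (($db_ar = $statement->rowCount()) > 0) {
             $this->msg .= "info§" . sprintf(_("%s Einträge aus MitarbeiterInnenlisten gelöscht."), $db_ar) . "§";
         }
     }
     return TRUE;
 }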
 /**
  * Validates the login form submission.
  *
  * Checks the login ticket (replay protection), initialises the UI
  * language, then asks the auth plugins to verify the posted credentials.
  *
  * @return bool|string the user id on success, false otherwise (including
  *                     a correct login whose email is not activated yet)
  */
 function auth_validatelogin()
 {
     global $_language_path;

     // A login form may be submitted only once (prevents replay attacks)
     if (!Seminar_Session::check_ticket(Request::option('login_ticket'))) {
         return false;
     }

     // Direct links arrive without a chosen language; use the browser's
     if (empty($_SESSION['_language'])) {
         $_SESSION['_language'] = get_accepted_languages();
     }
     $_language_path = init_i18n($_SESSION['_language']);
     include 'config.inc.php';

     $loginname = Request::get('loginname');
     $this->auth["uname"] = $loginname;
     // These two values are read by "loginform.ihtml"
     $this->auth["jscript"] = Request::get('resolution') != "";
     $this->auth['devicePixelRatio'] = Request::float('device_pixel_ratio');

     $verdict = StudipAuthAbstract::CheckAuthentication($loginname, Request::get('password'));
     if (!$verdict['uid']) {
         Metrics::increment('core.login.failed');
         $this->error_msg = $verdict['error'];
         return false;
     }

     $uid = $verdict['uid'];
     if ($verdict['need_email_activation'] == $uid) {
         // Credentials are fine but the account still awaits activation
         $this->need_email_activation = $uid;
         $_SESSION['semi_logged_in'] = $uid;
         return false;
     }

     $account = $verdict['user'];
     $this->auth["perm"] = $account->perms;
     $this->auth["uname"] = $account->username;
     $this->auth["auth_plugin"] = $account->auth_plugin;
     $this->auth_set_user_settings($account);
     Metrics::increment('core.login.succeeded');
     return $uid;
 }
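 /**
  * Determines whether a user is permitted to change a certain value
  * and if provided, whether the value has actually changed.
  *
  * A change is refused when the global switch for the attribute (e.g.
  * ALLOW_CHANGE_EMAIL) is off, when the field is controlled by the user's
  * auth plugin, or when a lock rule applies to the attribute.
  *
  * @param String $field Which db field shall change ("table.column")
  * @param mixed $attribute Which attribute is related (optional,
  *                         automatically guessed if missing)
  * @param mixed $value Optional new value of the field (used to determine
  *                     whether the value has actually changed)
  * @return bool Indicates whether the value shall actually change
  */
 public function shallChange($field, $attribute = null, $value = null)
 {
     // end() takes its argument by reference, so explode()'s result must be
     // stored in a variable first (otherwise a strict-standards notice).
     $parts = explode('.', $field);
     $column = end($parts);
     $attribute = $attribute ?: strtolower($column);

     $global_mapping = array(
         'email'    => 'ALLOW_CHANGE_EMAIL',
         'name'     => 'ALLOW_CHANGE_NAME',
         'title'    => 'ALLOW_CHANGE_TITLE',
         'username' => 'ALLOW_CHANGE_USERNAME',
     );
     if (isset($global_mapping[$attribute]) && empty($GLOBALS[$global_mapping[$attribute]])) {
         return false;
     }

     if ($field && StudipAuthAbstract::CheckField($field, $this->user->auth_plugin)) {
         return false;
     }
     if (LockRules::check($this->user->user_id, $attribute)) {
         return false;
     }
     // Loose comparison presumably intended: request values arrive as
     // strings while the stored value may be an integer — confirm.
     return $value === null || $this->user->{$column} != $value;
 }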
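/**
 * Validates a new e-mail address for the given user and, unless the auth
 * plugin manages the validation key itself, sends an activation mail and
 * stores a freshly generated validation key.
 *
 * The address is refused when it is unchanged (unless $force is set), when
 * the auth plugin maps the e-mail field to an external source, when lock
 * rules or the ALLOW_CHANGE_EMAIL switch forbid the change, when it is
 * syntactically invalid or outside EMAIL_DOMAIN_RESTRICTION, when the mail
 * host or mailbox cannot be verified, or when another user already uses it.
 * The UPDATE of the Email column itself is done by the caller.
 *
 * @param User   $user  the user whose address shall change (user_id is read,
 *                      validation_key is written)
 * @param string $email the new e-mail address
 * @param bool   $force re-validate even if the address is unchanged
 * @return array [bool $ok, string $msg] where $msg holds '§'-separated
 *               messages of the form 'error§…', 'msg§…' or 'info§…'
 */
function edit_email($user, $email, $force = False)
{
    $msg = '';
    $query = "SELECT email, username, auth_plugin\n              FROM auth_user_md5\n              WHERE user_id = ?";
    $statement = DBManager::get()->prepare($query);
    $statement->execute(array($user->user_id));
    $row = $statement->fetch(PDO::FETCH_ASSOC);
    $email_cur = $row['email'];
    $username = $row['username'];
    $auth_plugin = $row['auth_plugin'];
    // Nothing to do for an unchanged address unless the caller forces it.
    if ($email_cur == $email && !$force) {
        return array(True, $msg);
    }
    // The address is owned by the external auth source or locked for this user.
    if (StudipAuthAbstract::CheckField("auth_user_md5.Email", $auth_plugin) || LockRules::check($user->user_id, 'email')) {
        return array(False, $msg);
    }
    if (!$GLOBALS['ALLOW_CHANGE_EMAIL']) {
        return array(False, $msg);
    }
    // validator for the submitted address
    $validator = new email_validation_class();
    $validator->timeout = 10;
    // client address and time stamp for the abuse report below
    $REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
    $Zeit = date("H:i:s, d.m.Y", time());
    // accept only registered domains if set
    $email_restriction = trim(get_config('EMAIL_DOMAIN_RESTRICTION'));
    if (!$validator->ValidateEmailAddress($email, $email_restriction)) {
        if ($email_restriction) {
            // Render the allowed domains as "@a, @b, @c,<br>@d ..." with a
            // line break after every third entry and after the last one.
            $email_restriction_msg_part = '';
            $email_restriction_parts = explode(',', $email_restriction);
            for ($email_restriction_count = 0; $email_restriction_count < count($email_restriction_parts); $email_restriction_count++) {
                if ($email_restriction_count == count($email_restriction_parts) - 1) {
                    $email_restriction_msg_part .= '@' . trim($email_restriction_parts[$email_restriction_count]) . '<br>';
                } elseif (($email_restriction_count + 1) % 3) {
                    $email_restriction_msg_part .= '@' . trim($email_restriction_parts[$email_restriction_count]) . ', ';
                } else {
                    $email_restriction_msg_part .= '@' . trim($email_restriction_parts[$email_restriction_count]) . ',<br>';
                }
            }
            $msg .= 'error§' . sprintf(_("Die E-Mail-Adresse fehlt, ist falsch geschrieben oder gehört nicht zu folgenden Domains:%s"), '<br>' . $email_restriction_msg_part);
        } else {
            $msg .= "error§" . _("Die E-Mail-Adresse fehlt oder ist falsch geschrieben!") . "§";
        }
        // e-mail address missing or syntactically invalid
        return array(False, $msg);
    }
    if (!$validator->ValidateEmailHost($email)) {
        // mail server not reachable: reject
        $msg .= "error§" . _("Der Mailserver ist nicht erreichbar. Bitte überprüfen Sie, ob Sie E-Mails mit der angegebenen Adresse verschicken können!") . "§";
        return array(False, $msg);
    } else {
        // server reachable ...
        if (!$validator->ValidateEmailBox($email)) {
            // ... but the mailbox is unknown: notify abuse and reject
            StudipMail::sendAbuseMessage("edit_about", "Emailbox unbekannt\n\nUser: {$username}\nEmail: {$email}\n\nIP: {$REMOTE_ADDR}\nZeit: {$Zeit}\n");
            $msg .= "error§" . _("Die angegebene E-Mail-Adresse ist nicht erreichbar. Bitte überprüfen Sie Ihre Angaben!") . "§";
            return array(False, $msg);
        }
    }
    // The address must not be in use by another account.
    $query = "SELECT Vorname, Nachname\n              FROM auth_user_md5\n              WHERE Email = ? AND user_id != ?";
    $statement = DBManager::get()->prepare($query);
    $statement->execute(array($email, $user->user_id));
    $row = $statement->fetch(PDO::FETCH_ASSOC);
    if ($row) {
        $msg .= "error§" . sprintf(_("Die angegebene E-Mail-Adresse wird bereits von einem anderen Benutzer (%s %s) verwendet. Bitte geben Sie eine andere E-Mail-Adresse an."), htmlReady($row['Vorname']), htmlReady($row['Nachname'])) . "§";
        return array(False, $msg);
    }
    // The UPDATE of auth_user_md5.Email already moved to the controller.
    if (StudipAuthAbstract::CheckField("auth_user_md5.validation_key", $auth_plugin)) {
        // The auth plugin manages the validation key: no activation round trip.
        $msg .= "msg§" . _("Ihre E-Mail-Adresse wurde geändert!") . "§";
        return array(True, $msg);
    } else {
        // auth_plugin does not map validation_key (what if...?)
        // Generate a 10 char activation key from [0-9a-z]. The key is the
        // only proof of mailbox ownership in the activation link, so it has
        // to come from a cryptographically secure source; the former
        // mt_rand() loop seeded with microtime() produced guessable keys.
        $alphabet = '0123456789abcdefghijklmnopqrstuvwxyz';
        $key = '';
        for ($i = 1; $i <= 10; $i++) {
            $key .= $alphabet[random_int(0, 35)];
        }
        $user->validation_key = $key;
        $activatation_url = $GLOBALS['ABSOLUTE_URI_STUDIP'] . 'activate_email.php?uid=' . $user->user_id . '&key=' . $user->validation_key;
        // include language-specific subject and mailbody with fallback to german
        $lang = $GLOBALS['_language_path'];
        // workaround
        if ($lang == '') {
            $lang = 'de';
        }
        // NOTE(review): $lang is interpolated into an include path. It is taken
        // from the global language path, not from the request; this assumes
        // that global only ever holds a configured locale name — confirm.
        include_once "locale/{$lang}/LC_MAILS/change_self_mail.inc.php";
        // $subject and $mailbody are expected to be defined by the included
        // file (presumably referencing $activatation_url).
        $mail = StudipMail::sendMessage($email, $subject, $mailbody);
        if (!$mail) {
            // Mail could not be sent: the new key is not stored, so the
            // previously stored key (if any) stays in effect.
            return array(True, $msg);
        }
        $query = "UPDATE auth_user_md5 SET validation_key = ? WHERE user_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($user->validation_key, $user->user_id));
        $msg .= "info§<b>" . sprintf(_('An Ihre neue E-Mail-Adresse <b>%s</b> wurde ein Aktivierungslink geschickt, dem Sie folgen müssen bevor Sie sich das nächste mal einloggen können.'), $email) . '</b>§';
        // logging (the event name is inherited from the original code)
        log_event("USER_NEWPWD", $user->user_id);
    }
    return array(True, $msg);
}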
 /**
  * Constructor
  *
  * Only delegates to the parent constructor; this class adds no
  * initialisation of its own, so the override is redundant and could be
  * dropped without changing behaviour.
  *
  * @access public
  */
 function __construct()
 {
     //calling the baseclass constructor
     parent::__construct();
 }
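 /**
  * Registers a new local ("standard" auth plugin) user from the parameters
  * of the registration form.
  *
  * The checks run in order and the first failure aborts with a message
  * appended to $this->error_msg: login ticket, username, password, first
  * and last name, e-mail syntax, mail host and mailbox reachability, then
  * uniqueness of username and e-mail. On success the user is stored, a
  * validation mail is sent and the new user's perms are copied into
  * $this->auth.
  *
  * @global string $_language_path set from the session language
  * @return bool|string the new user_id on success, false otherwise
  */
 function auth_doregister()
 {
     global $_language_path;
     $this->error_msg = "";
     // check for direct link to register2.php
     if (!$_SESSION['_language'] || $_SESSION['_language'] == "") {
         $_SESSION['_language'] = get_accepted_languages();
     }
     $_language_path = init_i18n($_SESSION['_language']);
     $this->auth["uname"] = Request::username('username');
     // This provides access for "crcregister.ihtml"
     $validator = new email_validation_class();
     // validator for the submitted input; timeout is how long we wait for
     // an answer of the mail server
     $validator->timeout = 10;
     // the form must carry a valid login ticket (CSRF/replay protection)
     if (!Seminar_Session::check_ticket(Request::option('login_ticket'))) {
         return false;
     }
     $username = trim(Request::get('username'));
     $Vorname = trim(Request::get('Vorname'));
     $Nachname = trim(Request::get('Nachname'));
     // accept only registered domains if set
     $cfg = Config::GetInstance();
     $email_restriction = $cfg->getValue('EMAIL_DOMAIN_RESTRICTION');
     if ($email_restriction) {
         // with a domain restriction the form offers the domain separately
         $Email = trim(Request::get('Email')) . '@' . trim(Request::get('emaildomain'));
     } else {
         $Email = trim(Request::get('Email'));
     }
     // username syntactically wrong or too short; duplicates are checked
     // further below
     if (!$validator->ValidateUsername($username)) {
         $this->error_msg = $this->error_msg . _("Der gewählte Benutzername ist zu kurz!") . "<br>";
         return false;
     }
     // NOTE(review): the password check runs on the quoted (escaped) value
     // while the hash below uses the raw one — confirm the validator expects
     // the quoted form, otherwise escaping can inflate the measured length.
     if (!$validator->ValidatePassword(Request::quoted('password'))) {
         $this->error_msg = $this->error_msg . _("Das Passwort ist zu kurz!") . "<br>";
         return false;
     }
     // first name missing or invalid
     if (!$validator->ValidateName($Vorname)) {
         $this->error_msg = $this->error_msg . _("Der Vorname fehlt oder ist unsinnig!") . "<br>";
         return false;
     }
     // last name missing or invalid
     if (!$validator->ValidateName($Nachname)) {
         $this->error_msg = $this->error_msg . _("Der Nachname fehlt oder ist unsinnig!") . "<br>";
         return false;
     }
     // e-mail address missing or syntactically invalid
     if (!$validator->ValidateEmailAddress($Email)) {
         $this->error_msg = $this->error_msg . _("Die E-Mail-Adresse fehlt oder ist falsch geschrieben!") . "<br>";
         return false;
     }
     // client address and time stamp for the abuse report below
     $REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
     $Zeit = date("H:i:s, d.m.Y", time());
     if (!$validator->ValidateEmailHost($Email)) {
         // mail server not reachable: reject
         $this->error_msg = $this->error_msg . _("Der Mailserver ist nicht erreichbar, bitte überprüfen Sie, ob Sie E-Mails mit der angegebenen Adresse verschicken und empfangen können!") . "<br>";
         return false;
     } else {
         // server reachable ...
         if (!$validator->ValidateEmailBox($Email)) {
             // ... but the mailbox is unknown: notify abuse and reject
             StudipMail::sendAbuseMessage("Register", "Emailbox unbekannt\n\nUser: {$username}\nEmail: {$Email}\n\nIP: {$REMOTE_ADDR}\nZeit: {$Zeit}\n");
             $this->error_msg = $this->error_msg . _("Die angegebene E-Mail-Adresse ist nicht erreichbar, bitte überprüfen Sie Ihre Angaben!") . "<br>";
             return false;
         } else {
             // everything fine, now the checks against the database follow...
         }
     }
     // username already taken
     $check_uname = StudipAuthAbstract::CheckUsername($username);
     if ($check_uname['found']) {
         $this->error_msg = $this->error_msg . _("Der gewählte Benutzername ist bereits vorhanden!") . "<br>";
         return false;
     }
     // e-mail already taken; the address passed syntax validation above, so
     // LIKE wildcards are not expected in it (LIKE presumably serves a
     // case-insensitive match here)
     if (count(User::findBySQL("Email LIKE " . DbManager::get()->quote($Email)))) {
         $this->error_msg = $this->error_msg . _("Die angegebene E-Mail-Adresse wird bereits von einem anderen Benutzer verwendet. Sie müssen eine andere E-Mail-Adresse angeben!") . "<br>";
         return false;
     }
     // all checks passed, register the user...
     $hasher = UserManagement::getPwdHasher();
     $new_user = new User();
     $new_user->username = $username;
     $new_user->perms = 'user';
     $new_user->password = $hasher->HashPassword(Request::get('password'));
     $new_user->vorname = $Vorname;
     $new_user->nachname = $Nachname;
     $new_user->email = $Email;
     $new_user->geschlecht = Request::int('geschlecht');
     $new_user->title_front = trim(Request::get('title_front', Request::get('title_front_chooser')));
     $new_user->title_rear = trim(Request::get('title_rear', Request::get('title_rear_chooser')));
     $new_user->auth_plugin = 'standard';
     $new_user->store();
     if ($new_user->user_id) {
         self::sendValidationMail($new_user);
         $this->auth["perm"] = $new_user->perms;
         return $new_user->user_id;
     }
     // store() did not yield an id: report the failure explicitly instead
     // of falling off the end with an implicit null.
     return false;
 }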
 /**
  * static method to check for a mapped field
  *
  * Asks the auth plugin registered under the passed name whether the
  * given Stud.IP DB field is mapped to an external data source. Without a
  * plugin name, or when no plugin object can be obtained for it, the
  * field counts as not mapped.
  *
  * @access public
  * @static
  * @param    string  the name of the db field must be in form '<table name>.<field name>'
  * @param    string  the name of the plugin to check
  * @return   bool    true if the field is mapped, else false
  */
 static function CheckField($field_name, $plugin_name)
 {
     if (empty($plugin_name)) {
         return false;
     }
     $auth_plugin = StudipAuthAbstract::GetInstance($plugin_name);
     if (!is_object($auth_plugin)) {
         return false;
     }
     return $auth_plugin->isMappedField($field_name);
 }
 /**
  * get preferences
  *
  * shows additional settings.
  *
  * Reads the category and role-template names as well as the LDAP and
  * password-encryption switches from the request, resolves the names via
  * the SOAP client, stores the resulting ids in the e-learning config and
  * finally renders the preferences template to the output.
  *
  * @global array $connected_cms connected CMS instances, indexed by cms type
  * @access public
  */
 function getPreferences()
 {
     global $connected_cms;
     // NOTE(review): $messages and $encrypt_passwords are never initialised
     // in this method; the first `.=` below creates $messages implicitly and
     // $encrypt_passwords stays undefined when neither branch assigns it.
     $role_template_name = Request::get('role_template_name');
     $cat_name = Request::get('cat_name');
     // disable SOAP result caching for the lookups below
     $this->soap_client->setCachingStatus(false);
     if ($cat_name != "") {
         // resolve the main category by title and remember its reference id
         $cat = $this->soap_client->getReferenceByTitle(trim($cat_name), "cat");
         if ($cat == false) {
             $messages["error"] .= sprintf(_("Das Objekt mit dem Namen \"%s\" wurde im System %s nicht gefunden."), htmlReady($cat_name), htmlReady($this->getName())) . "<br>\n";
         } elseif ($cat != "") {
             ELearningUtils::setConfigValue("category_id", $cat, $this->cms_type);
             $this->main_category_node_id = $cat;
         }
     }
     // create the category for the users' personal folders once a main
     // category is known and no user category has been configured yet
     if ($this->main_category_node_id != false and ELearningUtils::getConfigValue("user_category_id", $this->cms_type) == "") {
         $object_data["title"] = sprintf(_("User-Daten"));
         $object_data["description"] = _("Hier befinden sich die persönlichen Ordner der Stud.IP-User.");
         $object_data["type"] = "cat";
         $object_data["owner"] = $this->user->getId();
         $user_cat = $connected_cms[$this->cms_type]->soap_client->addObject($object_data, $connected_cms[$this->cms_type]->main_category_node_id);
         if ($user_cat != false) {
             $this->user_category_node_id = $user_cat;
             ELearningUtils::setConfigValue("user_category_id", $user_cat, $this->cms_type);
         } else {
             $messages["error"] .= _("Die Kategorie für User-Daten konnte nicht angelegt werden.") . "<br>\n";
         }
     }
     if ($role_template_name != "") {
         // resolve the role template by title; a result array carries obj_id and title
         $role_template = $this->soap_client->getObjectByTitle(trim($role_template_name), "rolt");
         if ($role_template == false) {
             $messages["error"] .= sprintf(_("Das Rollen-Template mit dem Namen \"%s\" wurde im System %s nicht gefunden."), htmlReady($role_template_name), htmlReady($this->getName())) . "<br>\n";
         }
         if (is_array($role_template)) {
             ELearningUtils::setConfigValue("user_role_template_id", $role_template["obj_id"], $this->cms_type);
             ELearningUtils::setConfigValue("user_role_template_name", $role_template["title"], $this->cms_type);
             $this->user_role_template_id = $role_template["obj_id"];
         }
     }
     if (Request::submitted('submit')) {
         // NOTE(review): both switches are stored as submitted; ldap_enable is
         // not checked against the LDAP plugins enumerated further below —
         // confirm whether Request::option() restricts the value enough.
         ELearningUtils::setConfigValue("encrypt_passwords", Request::option("encrypt_passwords"), $this->cms_type);
         $encrypt_passwords = Request::option("encrypt_passwords");
         ELearningUtils::setConfigValue("ldap_enable", Request::option("ldap_enable"), $this->cms_type);
         $this->ldap_enable = Request::option("ldap_enable");
     } else {
         if (ELearningUtils::getConfigValue("encrypt_passwords", $this->cms_type) != "") {
             $encrypt_passwords = ELearningUtils::getConfigValue("encrypt_passwords", $this->cms_type);
         }
     }
     $cat = $this->soap_client->getObjectByReference($this->main_category_node_id);
     $user_cat = $this->soap_client->getObjectByReference($this->user_category_node_id);
     $title = $this->link->getModuleLink($user_cat["title"], $this->user_category_node_id, "cat");
     // build the <option> list from the names of all LDAP auth plugins; the
     // currently enabled one is preselected
     $ldap_options = array();
     foreach (StudipAuthAbstract::GetInstance() as $plugin) {
         if ($plugin instanceof StudipAuthLdap) {
             // plugin_name is inserted into the markup unescaped (it presumably
             // originates from the auth plugin configuration, not the request)
             $ldap_options[] = '<option ' . ($plugin->plugin_name == $this->ldap_enable ? 'selected' : '') . '>' . $plugin->plugin_name . '</option>';
         }
     }
     // capture the generic module-type preferences so they can be embedded
     // into this template
     ob_start();
     ConnectedCMS::getPreferences();
     $module_types = ob_get_clean();
     $template = $GLOBALS['template_factory']->open('elearning/ilias4_connected_cms_preferences.php');
     $template->set_attribute('messages', $messages);
     $template->set_attribute('soap_error', $this->soap_client->getError());
     $template->set_attribute('soap_data', $this->soap_data);
     $template->set_attribute('main_category_node_id', $this->main_category_node_id);
     $template->set_attribute('main_category_node_id_title', $cat['title']);
     $template->set_attribute('user_category_node_id', $this->user_category_node_id);
     $template->set_attribute('user_category_node_id_title', $title);
     $template->set_attribute('user_role_template_name', ELearningUtils::getConfigValue("user_role_template_name", $this->cms_type));
     $template->set_attribute('user_role_template_id', $this->user_role_template_id);
     $template->set_attribute('encrypt_passwords', $encrypt_passwords);
     // an empty leading <option> precedes the LDAP plugins; nothing at all without plugins
     $template->set_attribute('ldap_options', count($ldap_options) ? join("\n", array_merge(array('<option></option>'), $ldap_options)) : '');
     $template->set_attribute('module_types', $module_types);
     echo $template->render();
 }
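 /**
  * Initialize the subnavigation of this item. This method
  * is called once before the first item is added or removed.
  *
  * Builds the profile navigation for the user named by the 'username'
  * request parameter (defaulting to the logged-in user). Editing entries
  * are only added when the current user has profile permission on that
  * account; individual entries additionally depend on the user's perms,
  * the auth plugin's field mapping, lock rules and configuration switches.
  *
  * @global Seminar_User $user the logged-in user
  * @global Seminar_Perm $perm the permission object of the logged-in user
  */
 public function initSubNavigation()
 {
     global $user, $perm;
     parent::initSubNavigation();
     $username = Request::username('username', $user->username);
     // NOTE(review): User::findByUsername() may return null for an unknown
     // username; the property accesses below do not guard against that —
     // confirm the caller guarantees a valid username.
     $current_user = $username == $user->username ? $user : User::findByUsername($username);
     // profile
     $navigation = new Navigation(_('Profil'), 'dispatch.php/profile/index');
     $this->addSubNavigation('index', $navigation);
     if ($perm->have_profile_perm('user', $current_user->user_id)) {
         // avatar
         $navigation = new Navigation(_('Bild'), 'dispatch.php/settings/avatar');
         $this->addSubNavigation('avatar', $navigation);
         // profile data
         $navigation = new Navigation(_('Nutzerdaten'));
         $navigation->addSubNavigation('profile', new Navigation(_('Grunddaten'), 'dispatch.php/settings/account'));
         // Password change is offered to the user themself, or to root when
         // ALLOW_ADMIN_USERACCESS is set, and only if the password field is
         // neither mapped by the auth plugin nor locked by lock rules.
         if (($perm->get_profile_perm($current_user->user_id) == 'user' || $perm->have_perm('root') && Config::get()->ALLOW_ADMIN_USERACCESS) && !StudipAuthAbstract::CheckField('auth_user_md5.password', $current_user->auth_plugin) && !LockRules::check($current_user->user_id, 'password')) {
             $navigation->addSubNavigation('password', new Navigation(_('Passwort ändern'), 'dispatch.php/settings/password'));
         }
         $navigation->addSubNavigation('details', new Navigation(_('Weitere Daten'), 'dispatch.php/settings/details'));
         // study data only for perms other than user/admin/root (strict
         // comparison: perms is a string)
         if (!in_array($current_user->perms, words('user admin root'), true)) {
             $navigation->addSubNavigation('studies', new Navigation(_('Studiendaten'), 'dispatch.php/settings/studies'));
         }
         if ($current_user->perms != 'root') {
             if (count(UserDomain::getUserDomains())) {
                 $navigation->addSubNavigation('userdomains', new Navigation(_('Nutzerdomänen'), 'dispatch.php/settings/userdomains'));
             }
             if ($perm->is_staff_member($current_user->user_id)) {
                 $navigation->addSubNavigation('statusgruppen', new Navigation(_('Einrichtungsdaten'), 'dispatch.php/settings/statusgruppen'));
             }
         }
         $this->addSubNavigation('edit', $navigation);
         // settings are only available from perm 'autor' upwards
         if ($perm->have_perm('autor')) {
             $navigation = new Navigation(_('Einstellungen'));
             $navigation->addSubNavigation('general', new Navigation(_('Allgemeines'), 'dispatch.php/settings/general'));
             $navigation->addSubNavigation('privacy', new Navigation(_('Privatsphäre'), 'dispatch.php/settings/privacy'));
             $navigation->addSubNavigation('messaging', new Navigation(_('Nachrichten'), 'dispatch.php/settings/messaging'));
             if (get_config('CALENDAR_ENABLE')) {
                 $navigation->addSubNavigation('calendar_new', new Navigation(_('Terminkalender'), 'dispatch.php/settings/calendar'));
             }
             if (!$perm->have_perm('admin') and get_config('MAIL_NOTIFICATION_ENABLE')) {
                 $navigation->addSubNavigation('notification', new Navigation(_('Benachrichtigung'), 'dispatch.php/settings/notification'));
             }
             if (isDefaultDeputyActivated() && $perm->get_perm() == 'dozent') {
                 $navigation->addSubNavigation('deputies', new Navigation(_('Standardvertretung'), 'dispatch.php/settings/deputies'));
             }
             // Config::get() as everywhere else in this method
             if (Config::get()->API_ENABLED) {
                 $navigation->addSubNavigation('api', new Navigation(_('API-Berechtigungen'), 'dispatch.php/api/authorizations'));
             }
             $this->addSubNavigation('settings', $navigation);
         }
         // user defined sections
         $navigation = new Navigation(_('Kategorien'), 'dispatch.php/settings/categories');
         $this->addSubNavigation('categories', $navigation);
     }
     // user documents page: own files, or with open access also other users' files
     if (Config::get()->PERSONALDOCUMENT_ENABLE && ($perm->have_profile_perm('user', $current_user->user_id) || Config::get()->PERSONALDOCUMENT_OPEN_ACCESS)) {
         $title = _('Meine Dateien');
         if (Config::get()->PERSONALDOCUMENT_OPEN_ACCESS && $current_user->id !== $user->id) {
             $title = _('Dateibereich');
         }
         $navigation = new Navigation($title, 'dispatch.php/document/files');
         $this->addSubNavigation('files', $navigation);
     }
 }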
 /**
  * Constructor
  *
  * Only delegates to the parent constructor; this class adds no
  * initialisation of its own, so the override is redundant and could be
  * dropped without changing behaviour.
  *
  * @access public
  */
 function __construct()
 {
     parent::__construct();
 }