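/**
 * Validates that the submitted value is the current user's password.
 *
 * Loads the private data of the user held in the session and checks the
 * value against the stored hash with myUser::check_password(). When the
 * check fails, $error receives the validator's 'bad_password_error' message.
 *
 * @param mixed  $value the submitted (plain-text) password, by reference as required by the validator API
 * @param string $error receives the error message when validation fails
 * @return bool true when the password matches the stored hash
 */
public function execute(&$value, &$error)
 {
     $user_id = sfContext::getInstance()->getUser()->getId();
     $user_private_data = UserPrivateData::find($user_id);
     // Missing private data (e.g. an expired session) is reported like a wrong
     // password instead of failing on a property read of a null object.
     if (!$user_private_data || !myUser::check_password($value, $user_private_data->password)) {
         $error = $this->getParameterHolder()->get('bad_password_error');
         return false;
     }
     return true;
 }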
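 /**
  * Sends a "potential vandalism" notification email about self::$doc.
  *
  * The recipient is currently a hard-coded user (108544, see the comment
  * below). The HTML body holds a link to the document and its current name;
  * the plain-text alternative is derived from the HTML body. Relies on
  * self::$doc having been set by the caller.
  */
 private static function signal()
 {
     $i18n = sfContext::getInstance()->getI18N();
     // send an email for potential vandalism
     // for now, topo-fr 108544
     $recipient = UserPrivateData::find(108544);
     if (!$recipient) {
         // nobody to notify: stop here rather than fail on a null object
         return;
     }
     $email_recipient = $recipient->getEmail();
     $email_subject = $i18n->__('Potential vandalism');
     // NOTE(review): depending on the web server configuration SERVER_NAME may
     // reflect the request Host header; confirm it is pinned in the vhost, since
     // it ends up in a link sent by email.
     $server = $_SERVER['SERVER_NAME'];
     $module = self::$doc->getModule();
     $link = "http://{$server}/{$module}/" . self::$doc->getId();
     // the document name is user-provided content: escape it for the HTML body
     $doc_name = htmlspecialchars(self::$doc->getCurrentI18nObject()->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     $htmlBody = $i18n->__('The document "%1%" has been potentially vandalised', array('%1%' => '<a href="' . htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">' . $doc_name . '</a>'));
     $mail = new sfMail();
     $mail->setCharset('utf-8');
     // definition of the required parameters
     $mail->setSender(sfConfig::get('app_outgoing_emails_sender'));
     $mail->setFrom(sfConfig::get('app_outgoing_emails_from'));
     $mail->addReplyTo(sfConfig::get('app_outgoing_emails_reply_to'));
     $mail->addAddress($email_recipient);
     $mail->setSubject($email_subject);
     $mail->setContentType('text/html');
     $mail->setBody($htmlBody);
     // the text alternative must not carry the HTML entities introduced above
     $mail->setAltBody(html_entity_decode(strip_tags($htmlBody), ENT_QUOTES, 'UTF-8'));
     $mail->send();
 }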
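 /**
  * Executes "associate current document with document" action
  * associated document can only be : articles, summits, books, huts, outings, routes, sites, users
  * ... restricted in security.yml to logged people
  *
  * Request parameters: module (module of the main document), main_id,
  * document_module and document_id (the document to link), plus the optional
  * icon and div parameters that only affect the returned HTML snippet.
  * Every refusal goes through ajax_feedback(); on success the association is
  * saved, the caches of both documents are cleared and the HTML for the newly
  * linked element is rendered.
  */
 public function executeAddAssociation()
 {
     $user = $this->getUser();
     $user_id = $user->getId();
     $is_moderator = $user->hasCredential(sfConfig::get('app_credentials_moderator'));
     //
     // Get parameters and check that association is allowed
     //
     // if session is time-over
     if (!$user_id) {
         return $this->ajax_feedback('Session is over. Please login again.');
     }
     if (!$this->hasRequestParameter('document_id') || !$this->hasRequestParameter('main_id') || !$this->hasRequestParameter('document_module')) {
         return $this->ajax_feedback('Operation not allowed');
     }
     $main_module = $this->getRequestParameter('module');
     $main_id = $this->getRequestParameter('main_id');
     $linked_module = $this->getRequestParameter('document_module');
     $linked_id = $this->getRequestParameter('document_id');
     $icon = $this->getRequestParameter('icon', '');
     $div = $this->getRequestParameter('div', false);
     if ($linked_id == $main_id) {
         return $this->ajax_feedback('A document can not be linked to itself');
     }
     $linked_document = Document::find(c2cTools::module2model($linked_module), $linked_id, self::getAssociationLookupFields($linked_module));
     // existence is checked before anything is read from the record (a generic
     // 'documents' request resolves its real module from the record itself)
     if (!$linked_document) {
         return $this->ajax_feedback('Linked document does not exist');
     }
     if ($linked_module == 'documents') {
         $linked_module = $linked_document->get('module');
     }
     $type_modules = c2cTools::Modules2Type($main_module, $linked_module);
     if (empty($type_modules)) {
         return $this->ajax_feedback('Wrong association type');
     }
     list($type, $swap, $main_module_new, $linked_module_new, $strict) = $type_modules;
     $main_document = Document::find(c2cTools::module2model($main_module), $main_id, self::getAssociationLookupFields($main_module));
     if (!$main_document) {
         return $this->ajax_feedback('Main document does not exist');
     }
     // Modules2Type may ask to swap both documents so that (main, linked)
     // follows the canonical direction of the association type
     if ($swap) {
         $main_document_new = $linked_document;
         $main_id_new = $linked_id;
         $linked_document_new = $main_document;
         $linked_id_new = $main_id;
     } else {
         $main_document_new = $main_document;
         $main_id_new = $main_id;
         $linked_document_new = $linked_document;
         $linked_id_new = $linked_id;
     }
     //
     // Per-type association rules (non-moderators only for the ownership checks)
     //
     if ($linked_module_new == 'articles') {
         if (!$is_moderator) {
             if ($linked_document_new->get('article_type') == 2 && !Association::find($user_id, $linked_id_new, 'uc')) {
                 return $this->ajax_feedback('You do not have the right to link a document to a personal article');
             }
             if ($main_module_new == 'articles') {
                 if ($main_document_new->get('article_type') == 2 && !Association::find($user_id, $main_id_new, 'uc')) {
                     return $this->ajax_feedback('You do not have the right to link a document to a personal article');
                 }
             }
             if ($main_module_new == 'outings' && !Association::find($user_id, $main_id_new, 'uo')) {
                 return $this->ajax_feedback('You do not have the right to link an article to another user outing');
             }
         }
         if ($linked_document_new->get('article_type') != 2 && $type == 'uc') {
             return $this->ajax_feedback('An user can not be linked to a collaborative article');
         }
     }
     if ($linked_module_new == 'images') {
         if ($main_document_new->get('is_protected') && !$is_moderator) {
             return $this->ajax_feedback('Document is protected');
         }
         if (!$is_moderator) {
             if ($main_module_new == 'users' && $main_id_new != $user_id) {
                 return $this->ajax_feedback('You do not have the right to link an image to another user profile');
             }
             if ($main_module_new == 'outings' && !Association::find($user_id, $main_id_new, 'uo')) {
                 return $this->ajax_feedback('You do not have the right to link an image to another user outing');
             }
             if ($main_module_new == 'articles' && $main_document_new->get('article_type') == 2 && !Association::find($user_id, $main_id_new, 'uc')) {
                 return $this->ajax_feedback('You do not have the right to link an image to a personal article');
             }
             // the creator check used to read an undefined $document variable (fatal error);
             // the personal image being linked to is the main document here -- confirm
             if ($main_module_new == 'images' && $main_document_new->get('image_type') == 2 && $main_document_new->getCreatorId() != $user_id) {
                 return $this->ajax_feedback('You do not have the right to link an image to a personal image');
             }
         }
     }
     if ($linked_module_new == 'outings') {
         if (!$is_moderator) {
             if ($main_module_new == 'users' && !Association::find($user_id, $linked_id_new, 'uo')) {
                 return $this->ajax_feedback('You do not have the right to link an user to another user outing');
             }
             if ($main_module_new == 'routes' && !Association::find($user_id, $linked_id_new, 'uo')) {
                 return $this->ajax_feedback('You do not have the right to link a route to another user outing');
             }
             if ($main_module_new == 'sites' && !Association::find($user_id, $linked_id_new, 'uo')) {
                 return $this->ajax_feedback('You do not have the right to link a site to another user outing');
             }
         }
     }
     if ($linked_module_new == 'xreports') {
         if (!$is_moderator) {
             if ($main_module_new == 'users' && !Association::find($user_id, $linked_id_new, 'ux')) {
                 return $this->ajax_feedback('You do not have the right to link an user to another user xreport');
             }
             if ($main_module_new == 'outings' && !Association::find($user_id, $linked_id_new, 'ux')) {
                 return $this->ajax_feedback('You do not have the right to link an outing to another user xreport');
             }
             if ($main_module_new == 'routes' && !Association::find($user_id, $linked_id_new, 'ux')) {
                 return $this->ajax_feedback('You do not have the right to link a route to another user xreport');
             }
             if ($main_module_new == 'sites' && !Association::find($user_id, $linked_id_new, 'ux')) {
                 return $this->ajax_feedback('You do not have the right to link a site to another user xreport');
             }
         }
     }
     if ($linked_module_new == 'huts') {
         if ($main_module_new == 'summits') {
             $associations = Association::findAllAssociations($linked_id_new, 'sh');
             if (count($associations)) {
                 return $this->ajax_feedback('This hut is already linked to a summit');
             }
         }
         if ($main_module_new == 'parkings') {
             // refuse when a main/sub parking of this parking is already linked to the hut
             $associations_pp = Association::findAllAssociations($main_id_new, 'pp');
             $associations_ph = Association::findAllAssociations($linked_id_new, 'ph');
             foreach ($associations_pp as $a_pp) {
                 foreach ($associations_ph as $a_ph) {
                     if ($a_pp['main_id'] == $a_ph['main_id'] || $a_pp['linked_id'] == $a_ph['main_id']) {
                         return $this->ajax_feedback('A parking can not be linked to a hut if a main/sub parking is already linked to it');
                     }
                 }
             }
         }
     }
     if ($linked_module_new == 'routes') {
         if ($main_module_new == 'summits' && $main_document_new->get('summit_type') == 5 && $linked_document_new->get('duration') <= 2) {
             return $this->ajax_feedback('A raid summit can not be linked to a stage route');
         }
         if ($main_module_new == 'huts' && ($main_document_new->get('shelter_type') == 5 || $main_document_new->get('shelter_type') == 6)) {
             return $this->ajax_feedback('A gite can not be linked to a route');
         }
         if ($main_module_new == 'parkings') {
             $associations_pp = Association::findAllAssociations($main_id_new, 'pp');
             $associations_pr = Association::findAllAssociations($linked_id_new, 'pr');
             foreach ($associations_pp as $a_pp) {
                 foreach ($associations_pr as $a_pr) {
                     if ($a_pp['main_id'] == $a_pr['main_id'] || $a_pp['linked_id'] == $a_pr['main_id']) {
                         return $this->ajax_feedback('A parking can not be linked to a route if a main/sub parking is already linked to it');
                     }
                 }
             }
         }
     }
     if ($linked_module_new == 'sites') {
         if ($main_module_new == 'sites') {
             if (Association::countAllMain(array($linked_id_new), 'tt')) {
                 return $this->ajax_feedback('A sub site can not be linked to more than one main site');
             }
         }
         if ($main_module_new == 'summits') {
             if (Association::countAllMain(array($linked_id_new), 'st')) {
                 return $this->ajax_feedback('A site can not be linked to more than one summit');
             }
             if (Association::countAllMain(array($linked_id_new), 'tt')) {
                 return $this->ajax_feedback('A summit can not be linked to a sub site');
             }
         }
         if ($main_module_new == 'parkings') {
             $associations_pp = Association::findAllAssociations($main_id_new, 'pp');
             $associations_pt = Association::findAllAssociations($linked_id_new, 'pt');
             foreach ($associations_pp as $a_pp) {
                 foreach ($associations_pt as $a_pt) {
                     if ($a_pp['main_id'] == $a_pt['main_id'] || $a_pp['linked_id'] == $a_pt['main_id']) {
                         return $this->ajax_feedback('A parking can not be linked to a site if a main/sub parking is already linked to it');
                     }
                 }
             }
         }
     }
     if ($linked_module_new == 'summits') {
         if ($main_module_new == 'summits') {
             if ($main_document_new->get('summit_type') == 5 || $linked_document_new->get('summit_type') == 5) {
                 return $this->ajax_feedback('A raid summit can not be linked to a real summit');
             }
             if (Association::countAllMain(array($linked_id_new), 'ss')) {
                 return $this->ajax_feedback('A sub summit can not be linked to more than one main summit');
             }
         }
     }
     // NOTE(review): the "one main parking per sub parking" rule is computed but
     // deliberately not enforced here (refusal commented out in the original).
     if ($linked_module_new == 'parkings') {
         if ($main_module_new == 'parkings') {
             if (Association::countAllMain(array($linked_id_new), 'pp')) {
                 // return $this->ajax_feedback('A sub parking can not be linked to more than one main parking');
             }
         }
     }
     if (Association::find($main_id_new, $linked_id_new, $type, false)) {
         return $this->ajax_feedback('The document is already linked to the current document');
     }
     // after the swap handling the user is always the main document and the
     // outing the linked one, whatever the direction of the request
     if ($linked_module_new == 'outings' && $main_module_new == 'users' && $main_id_new != $user_id) {
         // send an email to warn the new user associated
         $associated_user = UserPrivateData::find($main_id_new);
         if ($associated_user) {
             $email_recipient = $associated_user->getEmail();
             $email_subject = $this->__('You have been associated to an outing');
             $server = $_SERVER['SERVER_NAME'];
             $outing_link = 'http' . (empty($_SERVER['HTTPS']) ? '' : 's') . "://{$server}/outings/{$linked_id_new}";
             $htmlBody = $this->__('You have been associated to outing %1% details', array('%1%' => '<a href="' . $outing_link . '">' . $outing_link . '</a>'));
             $mail = new sfMail();
             $mail->setCharset('utf-8');
             // definition of the required parameters
             $mail->setSender(sfConfig::get('app_outgoing_emails_sender'));
             $mail->setFrom(sfConfig::get('app_outgoing_emails_from'));
             $mail->addReplyTo(sfConfig::get('app_outgoing_emails_reply_to'));
             $mail->addAddress($email_recipient);
             $mail->setSubject($email_subject);
             $mail->setContentType('text/html');
             $mail->setBody($htmlBody);
             $mail->setAltBody(strip_tags($htmlBody));
             // send the email
             $mail->send();
         }
     }
     // Perform association
     $a = new Association();
     $status = $a->doSaveWithValues($main_id_new, $linked_id_new, $type, $user_id);
     if (!$status) {
         return $this->ajax_feedback('Could not perform association');
     }
     // cache clearing for current doc in every lang:
     $this->clearCache($main_module, $main_id, false, 'view');
     $this->clearCache($linked_module, $linked_id, false, 'view');
     // html to return
     sfLoader::loadHelpers(array('Tag', 'Url', 'Asset', 'AutoComplete'));
     $linked_document->setBestName($user->getPreferedLanguageList());
     $bestname = $linked_document->get('name');
     if ($linked_module == 'routes') {
         // in that case, output not only route name but also best summit name whose id has been passed (summit_id)
         $summit = explode(' [', (string) $this->getRequestParameter('summits_name'));
         // summits_name comes straight from the request: escape it before it is echoed in the link text
         $summit_name = htmlspecialchars($summit[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         $bestname = $summit_name . $this->__('&nbsp;:') . ' ' . $bestname;
     }
     // icon is a request parameter echoed into attributes and text: escape it once
     $icon_safe = htmlspecialchars($icon, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     $linked_module_name = $icon ? $icon_safe : $this->__($linked_module);
     $type_id_string = $type . '_' . $linked_id;
     $out = link_to($bestname, "@document_by_id?module={$linked_module}&id={$linked_id}");
     if ($user->hasCredential('moderator')) {
         $out .= c2c_link_to_delete_element($type, $main_id_new, $linked_id_new, !$swap, $strict);
     }
     if ($div) {
         $icon_string = '';
         if ($icon) {
             $icon_label = htmlspecialchars(ucfirst(__($icon)), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
             $icon_string = '<div class="assoc_img picto_' . $icon_safe . '" title="' . $icon_label . '">' . '<span>' . $icon_label . __('&nbsp;:') . '</span>' . '</div>';
         }
         $out = '<div class="linked_elt" id="' . $type_id_string . '">' . $icon_string . $out . '</div>';
     } else {
         $out = '<li id="' . $type_id_string . '">' . picto_tag('picto_' . $linked_module, $linked_module_name) . ' ' . $out . '</li>';
     }
     return $this->renderText($out);
 }

 /**
  * Fields to load for the association checks on a document of the given module.
  *
  * Besides id and is_protected, some modules need one extra field for the
  * rules applied by executeAddAssociation() (summit_type, duration, ...).
  *
  * @param string $module document module name (request-provided)
  * @return array list of field names passed to Document::find()
  */
 private static function getAssociationLookupFields($module)
 {
     switch ($module) {
         case 'summits':
             return array('id', 'is_protected', 'summit_type');
         case 'routes':
             return array('id', 'is_protected', 'duration');
         case 'huts':
             return array('id', 'is_protected', 'shelter_type');
         case 'articles':
             return array('id', 'is_protected', 'article_type');
         case 'images':
             return array('id', 'is_protected', 'image_type');
         case 'documents':
             return array('id', 'is_protected', 'module');
         default:
             // FIXME prevent such case?
             return array('id', 'is_protected');
     }
 }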
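 /**
  * Authenticates a user and opens the symfony and punbb sessions.
  *
  * The stored hash is loaded first (it carries the salt and tells whether an
  * old, unsalted hash is still in use). With $password_is_hashed (automatic
  * "remember me" sign-in) $password is compared to the stored hash directly;
  * otherwise it is checked against the password, then against the temporary
  * password, which becomes the real password on success. Active users then
  * get their hash upgraded if needed, their credentials, session attributes,
  * language and preference cookies restored, and a remember-me key when asked.
  *
  * @param string $login_name         login name of the user
  * @param string $password           plain-text password, or the stored hash when $password_is_hashed
  * @param bool   $remember           create/renew a remember-me key and cookie
  * @param bool   $password_is_hashed $password is already the stored hash ("remember me" path)
  * @return bool true when the user was authenticated
  */
 public function signIn($login_name, $password, $remember = false, $password_is_hashed = false)
 {
     c2cTools::log('in signin function from myUser class');
     $return = false;
     // we need to retrieve the stored hash for the correspondings user to:
     // - the salt is stored there, needed for verifiying the password
     // - allows us to check whether it is still an old hash, without salt
     $upd = UserPrivateData::retrieveByLoginName($login_name);
     if (!$upd) {
         return false;
     } else {
         $userid = $upd->id;
         $hash_tmp = $upd->password_tmp;
         $hash = $upd->password;
     }
     if ($password_is_hashed) {
         // "remember me" path: $password is already a hash, compare it with the
         // stored one in constant time (both must be strings to be comparable)
         $hash_matches = is_string($password) && is_string($hash) && hash_equals($hash, $password);
         $user = $hash_matches ? sfDoctrine::getTable('User')->find($userid) : false;
     } else {
         $user = self::check_password($password, $hash) ? sfDoctrine::getTable('User')->find($userid) : false;
     }
     // maybe the user requested a new password, check if password_tmp is ok
     if (!$user && !$password_is_hashed) {
         // This block is not used when password is hashed. Indeed password is hashed only
         // when performing an automatic signIn ("remember me").
         // In that case, no temp password is used.
         c2cTools::log('base login failed, start trying with password_temp');
         // user not found, try with tmp password
         $user = self::check_password($password, $hash_tmp) ? sfDoctrine::getTable('User')->find($userid) : false;
         if ($user) {
             c2cTools::log('user found, make temp password the new password');
             // user used his tmp password
             $user_private_data = $user->get('private_data');
             // set password to tmp password
             // NOTE(review): set('password', ...) receives the plain-text value here while the
             // rehash path below uses setPassword(); confirm the 'password' mutator hashes it.
             $user_private_data->set('password', $password);
             // delete tmp password
             $user_private_data->set('password_tmp', null);
             $user->save();
         }
     }
     if ($user) {
         c2cTools::log('user found, continue to test if active');
         if ($user->isActive()) {
             c2cTools::log('user is active');
             $user_id = $user->get('id');
             // if we went there with the old hash algorithm (simple hash, no salt),
             // then update the db with so that we use the new algorithm next time
             if (!$password_is_hashed && password_needs_rehash($hash, PASSWORD_DEFAULT)) {
                 c2cTools::log('upgrading user to new hash algorithm');
                 $conn = sfDoctrine::Connection();
                 try {
                     $user_private_data = UserPrivateData::find($user_id);
                     $user_private_data->setPassword($password);
                     $user_private_data->save();
                     $conn->commit();
                 } catch (Exception $e) {
                     $conn->rollback();
                     c2cTools::log('could not upgrade user to new hash algorithm');
                 }
                 $hash = $user_private_data->getPassword();
             }
             $user_culture = $user->get('private_data')->getPreferedCulture();
             // when user signs-in it confirms his signup
             if ($user->isConfirmationPending()) {
                 c2cTools::log('remove user from pending group');
                 $user->removeFromGroup('pending');
             }
             // login punbb
             if ($password_is_hashed) {
                 Punbb::signIn($user_id, $password);
             } else {
                 Punbb::signIn($user_id, $hash);
             }
             c2cTools::log('logged in punbb');
             // remember?
             if ($remember) {
                 c2cTools::log('remember me requested / or renew');
                 $context = sfContext::getInstance();
                 $remember_cookie = sfConfig::get('app_remember_key_cookie_name', 'c2corg_remember');
                 $key = RememberKey::generateRandomKey();
                 // if remember_cookie was set in the request, it means that we are renewing it
                 $remember_key = $context->getRequest()->getCookie($remember_cookie);
                 if ($remember_key) {
                     RememberKey::renewKey($remember_key, $key);
                 } else {
                     $rk = new RememberKey();
                     $rk->set('remember_key', $key);
                     $rk->set('user', $user);
                     // NOTE(review): HTTP_X_ORIGIN_IP is a client-supplied header; only trust it
                     // if the front proxy is known to set/overwrite it.
                     $rk->set('ip_address', isset($_SERVER['HTTP_X_ORIGIN_IP']) ? $_SERVER['HTTP_X_ORIGIN_IP'] : $_SERVER['REMOTE_ADDR']);
                     // TODO remove obsolete field
                     $rk->save();
                 }
                 // TODO : move remove old keys in a batch
                 // remove old keys
                 RememberKey::deleteOldKeys();
                 // make key as a cookie (path '/', no domain, secure=false, httponly=true)
                 // NOTE(review): consider setting the secure flag when the site is served over HTTPS.
                 $expiration_age = sfConfig::get('app_remember_key_expiration_age', 30 * 24 * 3600);
                 $context->getResponse()->setCookie($remember_cookie, $key, time() + $expiration_age, '/', '', false, true);
             } else {
                 // user is authenticated but has not checked "remember me" option
                 // let's add a cookie to indicate his/her session should not be reset while his/her browser is open
                 sfContext::getInstance()->getResponse()->setCookie('temp_remember', 1);
             }
             c2cTools::log('add some information in user session');
             // give credentials
             $this->addCredentials($user->getAllPermissionNames());
             // login session symfony
             $this->setAttribute('username', $user->get('private_data')->get('topo_name'));
             $this->setAttribute('id', $user_id);
             // set the prefered language for user session
             // and the list of languages ordered by preference
             $this->saveLanguageListInSession($user->get('private_data')->getDocumentCulture());
             // set logged
             $this->setAuthenticated(true);
             $return = true;
             // change language session if needed
             if ($this->getCulture() != $user_culture) {
                 $this->setCulture($user_culture);
             }
             // be sure to update punbb language cookie
             Punbb::setLanguage($user_culture);
             // Restore pref cookies
             c2cPersonalization::restorePrefCookies($user_id);
         }
     }
     return $return;
 }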
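 /**
  * Handle a page that enables users to registers to various mailing lists.
  *
  * On POST, subscribes ('reason' == 'sub') or unsubscribes the current user's
  * email from the list named by 'listname'; only the lists configured in
  * mod_users_mailinglists_values are accepted. The subscribed and still
  * available lists are then exposed to the template.
  */
 public function executeMailinglists()
 {
     $user_id = $this->getUser()->getId();
     // NOTE(review): assumes the action is restricted to logged users (security.yml),
     // otherwise user_private_data may be null here.
     $this->user_private_data = UserPrivateData::find($user_id);
     $this->email = $this->user_private_data->get('email');
     $lists = (array) sfConfig::get('mod_users_mailinglists_values');
     if ($this->getRequest()->getMethod() == sfRequest::POST) {
         $listname = $this->getRequestParameter('listname');
         // listname is user input forwarded to Sympa and used as a statsd key:
         // only act on the lists this page manages
         if (in_array($listname, $lists, true)) {
             if ($this->getRequestParameter('reason') == 'sub') {
                 Sympa::subscribe($listname, $this->email);
                 $this->statsdIncrement("{$listname}.subscribe");
             } else {
                 Sympa::unsubscribe($listname, $this->email);
                 $this->statsdIncrement("{$listname}.unsubscribe");
             }
         }
     }
     $subscribedLists = Sympa::getSubscribedLists($this->email);
     $ml_list_subscribed = array();
     $ml_list_available = array();
     foreach ($lists as $list) {
         if (in_array($list, $subscribedLists, true)) {
             $ml_list_subscribed[] = $list;
         } else {
             $ml_list_available[] = $list;
         }
     }
     $this->available_lists = $ml_list_available;
     $this->subscribed_lists = $ml_list_subscribed;
     $this->setPageTitle($this->__('mailing lists'));
 }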
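 /**
  * restore cookie values from profile. Managed cookies not in the profile will be deleted
  *
  * When the profile has no saved cookie preferences yet, the current values of
  * the managed cookies and of the 'fold' positions are copied into the profile.
  * Otherwise the profile values are written back as cookies ('fold' rebuilt
  * from the *_home_status entries) and managed cookies absent from the
  * profile are cleared.
  *
  * @param int $user_id id of the user whose profile is used
  */
 public static function restorePrefCookies($user_id)
 {
     if (!($user_private_data = UserPrivateData::find($user_id))) {
         return;
         // silently stop
     }
     $context = sfContext::getInstance();
     $request = $context->getRequest();
     $response = $context->getResponse();
     $managed_cookies = sfConfig::get('app_profile_cookies_list');
     $fold_prefs = sfConfig::get('app_personalization_cookie_fold_positions');
     $cookie_prefs = $user_private_data->getPref_cookies();
     if (empty($cookie_prefs)) {
         // no saved value in profile, copy the current cookie values into profile
         // 'regular' cookies
         $cookie_values = array();
         foreach ($managed_cookies as $cookie) {
             $current_value = $request->getCookie($cookie);
             if ($current_value) {
                 $cookie_values[$cookie] = urlencode($current_value);
             }
         }
         // fold prefs: one character per configured position, 't' or 'f'
         $fold_cookie_value = $request->getCookie('fold');
         if ($fold_cookie_value) {
             foreach ($fold_prefs as $pos => $pref) {
                 // a cookie shorter than the configured positions carries no value there
                 if (!isset($fold_cookie_value[$pos])) {
                     continue;
                 }
                 // key is built by string concatenation (the original used '+', which is arithmetic)
                 if ($fold_cookie_value[$pos] == 't') {
                     $cookie_values[$pref . '_home_status'] = 'true';
                 } elseif ($fold_cookie_value[$pos] == 'f') {
                     $cookie_values[$pref . '_home_status'] = 'false';
                 }
             }
         }
         if (!empty($cookie_values)) {
             $conn = sfDoctrine::Connection();
             try {
                 $user_private_data->setPref_cookies($cookie_values);
                 $user_private_data->save();
                 $conn->commit();
             } catch (Exception $e) {
                 $conn->rollback();
             }
         }
     } else {
         // set fold cookie: start from all-'x' and fill the positions saved in the profile
         $fold_cookie_value = $default = str_repeat('x', sfConfig::get('app_personalization_cookie_fold_size'));
         foreach ($fold_prefs as $pos => $pref) {
             if (isset($cookie_prefs[$pref . '_home_status'])) {
                 $fold_cookie_value[$pos] = $cookie_prefs[$pref . '_home_status'] == 'true' ? 't' : 'f';
             }
         }
         // NOTE(review): these cookies are set without path/secure/httponly flags; confirm
         // the response defaults match the intended scope.
         if ($fold_cookie_value !== $default) {
             $response->setCookie('fold', $fold_cookie_value, time() + sfConfig::get('app_personalization_filter_timeout'));
         } else {
             $response->setCookie('fold', '');
         }
         // erase all managed cookies or replace values with the one in profile
         foreach ($managed_cookies as $cookie_name) {
             if (array_key_exists($cookie_name, $cookie_prefs)) {
                 $response->setCookie($cookie_name, $cookie_prefs[$cookie_name], time() + sfConfig::get('app_personalization_filter_timeout'));
             } else {
                 $response->setCookie($cookie_name, '');
             }
         }
     }
 }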