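    /**
     * Retrieve one registration application for a new user account (one registration request).
     *
     * NOTE: Expired registrations are purged prior to performing the get.
     *
     * Parameters passed in the $args array:
     * -------------------------------------
     * numeric $args['uid']   The uid of the registration record (registration request) to return;
     *                              required if uname and email are not specified, otherwise not allowed.
     * string  $args['uname'] The uname of the registration record (registration request) to return;
     *                              required if uid and email are not specified, otherwise not allowed.
     * string  $args['email'] The e-mail address of the registration record (registration request) to return;
     *                              not allowed if the system allows an e-mail address to be registered
     *                              more than once (module var 'reg_uniemail' false); required if uid and
     *                              uname are not specified, otherwise not allowed.
     *
     * @param array $args All parameters passed to this function; exactly one of uid, uname, or email must be
     *                      specified, and email is not allowed if the system allows an email address to be
     *                      registered more than once.
     *
     * @return array|boolean An array containing the record, or false on error. Also false (with no error
     *                       registered) when an e-mail lookup matches more than one account: an ambiguous
     *                       address must never resolve to an arbitrary record.
     *
     * @throws Zikula_Exception_Forbidden Thrown if the user is not logged in and does not have read access, or if the user is logged in
     *                                      and does not have moderate access.
     */
    public function get($args)
    {
        // Anonymous callers need ACCESS_READ on Users::; authenticated callers need ACCESS_MODERATE.
        $requiredAccess = UserUtil::isLoggedIn() ? ACCESS_MODERATE : ACCESS_READ;
        if (!SecurityUtil::checkPermission('Users::', '::', $requiredAccess)) {
            throw new Zikula_Exception_Forbidden();
        }

        $uniqueEmails = $this->getVar('reg_uniemail', false);

        $hasUid   = isset($args['uid']);
        $hasUname = isset($args['uname']);
        $hasEmail = isset($args['email']);
        $selectorCount = (int)$hasUid + (int)$hasUname + (int)$hasEmail;

        // Exactly one selector may be given, and email only when the system keeps addresses unique
        // (otherwise a single address may not identify a single record).
        if ($selectorCount !== 1 || ($hasEmail && !$uniqueEmails)) {
            $this->registerError(LogUtil::getErrorMsgArgs());

            return false;
        }

        if ($hasUid) {
            $idField = 'uid';
            // Must be a non-empty, integral numeric; the loose == deliberately accepts numeric strings such as "42".
            $isValid = !empty($args['uid']) && is_numeric($args['uid']) && ((int)$args['uid'] == $args['uid']);
        } elseif ($hasUname) {
            $idField = 'uname';
            $isValid = !empty($args['uname']) && is_string($args['uname']);
        } else {
            $idField = 'email';
            $isValid = !empty($args['email']) && is_string($args['email']);
        }

        if (!$isValid) {
            $this->registerError(LogUtil::getErrorMsgArgs());

            return false;
        }
        $idValue = $args[$idField];

        $this->purgeExpired();

        if ($idField === 'email') {
            // If reg_uniemail was ever false, or an admin created users sharing an e-mail address, more than one
            // account may carry this address. Returning "the first one found" would hand out someone else's
            // record, so refuse instead: we cannot tell which one the caller means.
            if (UserUtil::getEmailUsageCount($idValue) > 1) {
                return false;
            }
        }

        $userObj = UserUtil::getVars($idValue, false, $idField, true);

        if ($userObj === false) {
            $this->registerError($this->__('Error! Could not load data.'));
        }

        return $userObj;
    }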
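    /**
     * Send the user a lost password confirmation code.
     *
     * A fresh code is generated, stored hashed in users_verifychg (replacing any earlier pending
     * password-change code for the same user), and e-mailed in clear text to the account's address
     * together with a lostPasswordCode URL carrying the code and the identifier used for the lookup.
     *
     * Parameters passed in the $args array:
     * -------------------------------------
     * string $args['id']           The value identifying the user: a uname, an e-mail address, or a uid.
     * string $args['idfield']      Which field $args['id'] refers to; one of 'uname', 'email', or 'uid'.
     * bool   $args['adminRequest'] Optional; true when an administrator triggered the request (exposed to
     *                              the e-mail templates as 'adminRequested'). Only a bool true is honoured.
     *
     * @param array $args All parameters passed to this function.
     *
     * @return bool True if confirmation code sent; otherwise false. False is returned without registering an
     *              error when no user matches, or when an e-mail address identifies more than one account
     *              (an ambiguous lookup must not mail a reset code to an arbitrary one of them).
     */
    public function mailConfirmationCode($args)
    {
        $validIdFields = array('uname', 'email', 'uid');

        if (!isset($args['id']) || empty($args['id']) || !isset($args['idfield']) || empty($args['idfield'])
                || !in_array($args['idfield'], $validIdFields, true)) {
            $this->registerError(LogUtil::getErrorMsgArgs());

            return false;
        }

        if ($args['idfield'] === 'email' && UserUtil::getEmailUsageCount($args['id']) > 1) {
            return false;
        }

        $adminRequested = (isset($args['adminRequest']) && is_bool($args['adminRequest']) && $args['adminRequest']);

        $user = UserUtil::getVars($args['id'], true, $args['idfield']);
        if (!$user) {
            // No matching account: fail quietly, as the original did. NOTE(review): presumably intended so that
            // error messages do not reveal whether an identifier exists -- confirm with the callers.
            return false;
        }

        // NOTE(review): the reset token's strength depends entirely on UserUtil::generatePassword(); confirm it
        // draws from a CSPRNG with enough entropy for a single-use secret.
        $confirmationCode = UserUtil::generatePassword();
        $hashedConfirmationCode = UserUtil::getHashedPassword($confirmationCode);

        // Bug fix: the original tested an undefined variable ($confirmationCodeHash), so a hashing failure was
        // never detected and a non-hash would have been stored as the verification code.
        if ($hashedConfirmationCode === false) {
            $this->registerError($this->__("Error! Unable to create confirmation code."));

            return false;
        }

        $tables = DBUtil::getTables();
        $verifychgColumn = $tables['users_verifychg_column'];
        // The WHERE clause is built by string interpolation; uid comes from the user record, but cast it anyway
        // so nothing other than an integer can ever reach the SQL.
        $uid = (int)$user['uid'];
        DBUtil::deleteWhere('users_verifychg',
            "({$verifychgColumn['uid']} = {$uid}) AND ({$verifychgColumn['changetype']} = " . Users_Constant::VERIFYCHGTYPE_PWD . ")");

        // Explicit 'now' rather than null (null is deprecated for DateTime::__construct since PHP 8.1).
        $nowUTC = new DateTime('now', new DateTimeZone('UTC'));

        $verifyChangeObj = array(
            'changetype'    => Users_Constant::VERIFYCHGTYPE_PWD,
            'uid'           => $user['uid'],
            'newemail'      => '',
            'verifycode'    => $hashedConfirmationCode,
            'created_dt'    => $nowUTC->format(Users_Constant::DATETIME_FORMAT),
        );
        if (!DBUtil::insertObject($verifyChangeObj, 'users_verifychg')) {
            $this->registerError($this->__('Error! Unable to save confirmation code.'));

            return false;
        }

        $urlArgs = array(
            'code'           => urlencode($confirmationCode),
            $args['idfield'] => urlencode($args['id']),
        );

        $view = Zikula_View::getInstance($this->name, false);
        $view->assign(array(
            'uname'          => $user['uname'],
            'sitename'       => System::getVar('sitename'),
            // Despite the key name, this is the requesting client's address (REMOTE_ADDR), not a host name.
            'hostname'       => System::serverGetVar('REMOTE_ADDR'),
            'code'           => $confirmationCode,
            'url'            => ModUtil::url($this->name, 'user', 'lostPasswordCode', $urlArgs, null, null, true),
            'adminRequested' => $adminRequested,
        ));
        $htmlBody = $view->fetch('users_email_lostpassword_html.tpl');
        $plainTextBody = $view->fetch('users_email_lostpassword_txt.tpl');

        // The code is mailed only to the address stored on the account, never to a caller-supplied one.
        $emailMessageSent = ModUtil::apiFunc('Mailer', 'user', 'sendMessage', array(
            'toaddress' => $user['email'],
            'subject'   => $this->__f('Confirmation code for %s', $user['uname']),
            'body'      => $htmlBody,
            'altbody'   => $plainTextBody
        ));

        if (!$emailMessageSent) {
            $this->registerError($this->__('Error! Unable to send confirmation code e-mail message.'));
        }

        return $emailMessageSent;
    }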