Ejemplo n.º 1
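/**
 * Builds the "Change my Settings" page for the user stored in the session.
 *
 * The sub-command comes from $_REQUEST['subcommand'] and defaults to
 * 'updateSettings'. 'updateSettings' shows the settings form; 'postUser'
 * applies the posted settings, saves the user and reroutes on success.
 * Any other value renders the page with empty content.
 *
 * NOTE(review): 'postUser' changes account state and is selected through
 * $_REQUEST, so it can arrive by GET as well as POST. No authkey/CSRF check
 * is visible in this function; confirm that User_Action::postUser() or the
 * caller performs one.
 *
 * @return mixed Result of PHPWS_Template::process() for my_page/main.tpl.
 */
function my_page()
{
    $subcommand = isset($_REQUEST['subcommand']) ? $_REQUEST['subcommand'] : 'updateSettings';
    $user = $_SESSION['User'];

    $template = array();
    $template['TITLE'] = dgettext('users', 'Change my Settings');

    // The sub-command is request-controlled. A value that matches no case
    // (or a successful save whose reroute returns) used to leave $content
    // undefined; start from null so the template always receives a value.
    $content = null;

    switch ($subcommand) {
        case 'updateSettings':
            // save=1 is appended by the reroute after a successful postUser.
            if (isset($_GET['save'])) {
                $template['MESSAGE'] = dgettext('users', 'User settings updated.');
            }
            $content = User_Settings::userForm($user);
            break;

        case 'postUser':
            User_Settings::setTZ();
            User_Settings::rememberMe();
            User_Settings::setCP();
            $result = User_Action::postUser($user, FALSE);
            if (is_array($result)) {
                // An array result is handed back to the form (presumably
                // validation messages; confirm against postUser).
                $content = User_Settings::userForm($user, $result);
            } elseif (PHPWS_Error::logIfError($user->save())) {
                $content = dgettext('users', 'An error occurred while updating your user account.');
            } else {
                // Refresh the session copy only after the save succeeded.
                $_SESSION['User'] = $user;
                PHPWS_Core::reroute('index.php?module=users&action=user&tab=users&save=1');
            }
            break;
    }

    $template['CONTENT'] = $content;
    return PHPWS_Template::process($template, 'users', 'my_page/main.tpl');
}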
Ejemplo n.º 2
 /**
  *  Form for adding and choosing default authorization scripts
  */
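 public static function authorizationSetup()
 {
     // Builds the admin form that lists the registered authorization scripts,
     // lets one be marked as default, assigns each a default group, and offers
     // script files found in mod/users/scripts/ that are not registered yet.
     //
     // NOTE(review): display_name and filename are handed to the template as
     // stored. Confirm they are HTML-escaped either when saved or by the
     // template layer.
     $template = array();
     PHPWS_Core::initCoreClass('File.php');
     $auth_list = User_Action::getAuthorizationList();

     // Groups with user_id = 0, indexed by id, for the "default group" select.
     $db = new PHPWS_DB('users_groups');
     $db->addOrder('name');
     $db->addColumn('name');
     $db->addColumn('id');
     $db->setIndexBy('id');
     $db->addWhere('user_id', 0);
     $groups = $db->select('col');
     if (PHPWS_Error::logIfError($groups) || !is_array($groups)) {
         // An error or an empty (non-array) result leaves only the placeholder;
         // "array + null" would otherwise be a fatal error.
         $groups = array(0 => dgettext('users', '- None -'));
     } else {
         $groups = array("0" => dgettext('users', '- None -')) + $groups;
     }

     // Filenames that are already registered. Must be an array even when no
     // script is registered, because array_diff() below requires one.
     $file_compare = array();
     foreach ($auth_list as $auth) {
         $file_compare[] = $auth['filename'];
     }

     $form = new PHPWS_Form();
     $form->addHidden('module', 'users');
     $form->addHidden('action', 'admin');
     $form->addHidden('command', 'postAuthorization');

     $file_list = PHPWS_File::readDirectory(PHPWS_SOURCE_DIR . 'mod/users/scripts/', FALSE, TRUE, FALSE, array('php'));
     if (!empty($file_list)) {
         $remaining_files = array_diff($file_list, $file_compare);
     } else {
         $remaining_files = NULL;
     }

     if (empty($remaining_files)) {
         $template['FILE_LIST'] = dgettext('users', 'No new scripts found');
     } else {
         $form->addSelect('file_list', $remaining_files);
         $form->reindexValue('file_list');
         $form->addSubmit('add_script', dgettext('users', 'Add Script File'));
     }

     $form->mergeTemplate($template);
     $form->addSubmit('submit', dgettext('users', 'Update authorization scripts'));
     $template = $form->getTemplate();

     $template['AUTH_LIST_LABEL'] = dgettext('users', 'Authorization Scripts');
     $template['DEFAULT_LABEL'] = dgettext('users', 'Default');
     $template['DISPLAY_LABEL'] = dgettext('users', 'Display Name');
     $template['FILENAME_LABEL'] = dgettext('users', 'Script Filename');
     $template['DEFAULT_GROUP_LABEL'] = dgettext('users', 'Default group');
     $template['ACTION_LABEL'] = dgettext('users', 'Action');

     $default_authorization = PHPWS_User::getUserSetting('default_authorization');

     foreach ($auth_list as $authorize) {
         // Read the needed fields explicitly instead of extract(): extract()
         // lets any key in the row overwrite locals such as $groups, $form,
         // $template or $default_authorization.
         $id = $authorize['id'];
         $filename = $authorize['filename'];
         $display_name = $authorize['display_name'];
         $default_group = $authorize['default_group'];

         $links = array();
         $row = array();
         $checked = ($default_authorization == $id) ? 'checked="checked"' : NULL;

         // local.php and global.php never get a drop link.
         if ($filename != 'local.php' && $filename != 'global.php') {
             $vars = array();
             $vars['QUESTION'] = dgettext('users', 'Are you sure you want to drop this authorization script?');
             // The drop request carries the current user's authkey.
             $vars['ADDRESS'] = sprintf('index.php?module=users&action=admin&command=dropAuthScript&script_id=%s&authkey=%s', $id, Current_User::getAuthKey());
             $vars['LINK'] = dgettext('users', 'Drop');
             $links[1] = javascript('confirm', $vars);
         }

         // No edit link is offered for now; the original author noted it may
         // be enabled later.

         $row['CHECK'] = sprintf('<input type="radio" name="default_authorization" value="%s" %s />', $id, $checked);

         // A throw-away form is used only to render this row's group select.
         $group_form = new PHPWS_Form();
         $group_form->addSelect("default_group[{$id}]", $groups);
         $group_form->setMatch("default_group[{$id}]", $default_group);
         $row['DEFAULT_GROUP'] = $group_form->get("default_group[{$id}]");

         $row['DISPLAY_NAME'] = $display_name;
         $row['FILENAME'] = $filename;
         if (!empty($links)) {
             $row['ACTION'] = implode(' | ', $links);
         } else {
             $row['ACTION'] = dgettext('users', 'None');
         }
         $template['auth-rows'][] = $row;
     }

     return PHPWS_Template::process($template, 'users', 'forms/authorization.tpl');
 }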
Ejemplo n.º 3
	/**
	 * Runs the parent's prepare() and then stores the module's
	 * 'allow_register' configuration value on this object.
	 *
	 * @param mixed $controller   Passed by reference straight through to parent::prepare().
	 * @param mixed $xoopsUser    Passed by reference straight through to parent::prepare().
	 * @param array $moduleConfig Module configuration; the 'allow_register' key is read here.
	 */
	function prepare(&$controller, &$xoopsUser, $moduleConfig)
	{
		parent::prepare($controller, $xoopsUser, $moduleConfig);
		// NOTE(review): there is no isset() guard, so a config array without
		// 'allow_register' stores null here. Confirm that the code reading
		// _mAllowRegister treats null as "registration not allowed".
		$this->_mAllowRegister = $moduleConfig['allow_register'];
	}
Ejemplo n.º 4
/**
 * @author Matthew McNaney <mcnaney at gmail dot com>
 * @version $Id$
 */
function users_update(&$content, $currentVersion)
{
    // Update routine for the users module. Appends progress and change-log
    // text to $content (passed by reference) and applies the file, table and
    // settings changes of every release newer than $currentVersion.
    // Returns false when $currentVersion is below 2.2.0 or the users_pw_reset
    // table cannot be created; otherwise returns TRUE.
    //
    // userUpdateFiles() is defined outside this listing; presumably it copies
    // the listed module files into the installation. TODO confirm.
    $home_dir = PHPWS_Boost::getHomeDir();
    // Each case expression is a boolean from version_compare(), which the
    // switch compares loosely against the version string. Apart from the
    // first case (which returns), no case has a break, so once one matches,
    // every later release block runs as well. This relies on PHP's loose
    // string/bool comparison; do not reorder the cases or add breaks.
    switch ($currentVersion) {
        case version_compare($currentVersion, '2.2.0', '<'):
            $content[] = 'This package does not update versions under 2.2.0';
            return false;
        case version_compare($currentVersion, '2.2.1', '<'):
            $content[] = '+ Fixed a bug causing conflicts between user and group permissions.';
        case version_compare($currentVersion, '2.2.2', '<'):
            $content[] = '+ Set username to the same character size in both users table and user_authorization.';
            $content[] = '+ Fixed typo causing branch installation failure on Postgresql.';
        case version_compare($currentVersion, '2.3.0', '<'):
            $content[] = '<pre>
2.3.0 changes
------------------------
+ Added translate function calls in classes and my_page.php
+ my_page hides translation option if language defines disable selection
+ Added a unrestricted only parameter to Current_User\'s allow and
  authorize functions
+ Dropped references from some constructors
+ Added error check to setPermissions function: won\'t accept empty
  group id
+ Changed id default to zero.
+ Removed unneeded function parameter on getGroups
</pre>
';
        case version_compare($currentVersion, '2.3.1', '<'):
            $content[] = '<pre>';
            $files = array('templates/my_page/user_setting.tpl');
            userUpdateFiles($files, $content);
            $content[] = '
2.3.1 changes
------------------------
+ Added ability for user to set editor preferences
</pre>
';
        case version_compare($currentVersion, '2.3.2', '<'):
            $content[] = '<pre>2.3.2 changes';
            $files = array('img/users.png', 'templates/user_main.tpl');
            userUpdateFiles($files, $content);
            $content[] = '+ Added error check to login.
+ Changed user control panel icon.
+ Fixed template typo that broke IE login.
+ Removed fake French translation (delete mod/users/locale/fr_FR/ directory
+ Permissions are now ordered alphabetically.
+ isUser will now always return false if passed a zero id.
+ Added new function requireLogin that forwards a user to the login
  screen
</pre>';
        case version_compare($currentVersion, '2.4.0', '<'):
            // Creates the table behind the password-reset flow if it is missing.
            // NOTE(review): as listed, the column list ends with a comma
            // directly before ')', which most SQL dialects reject; check this
            // against the original file. authhash is CHAR(32) with a numeric
            // default; review how the reset hash is generated and that the
            // timeout column is enforced when a hash is redeemed.
            if (!PHPWS_DB::isTable('users_pw_reset')) {
                $new_table = 'CREATE TABLE users_pw_reset (
user_id INT NOT NULL default 0,
authhash CHAR( 32 ) NOT NULL default 0,
timeout INT NOT NULL default 0,
);';
                if (!PHPWS_DB::import($new_table)) {
                    $content[] = 'Unable to create users_pw_reset table.';
                    return false;
                } else {
                    $content[] = 'Created new table: users_pw_reset';
                }
            }
            $files = array('templates/forms/reset_password.tpl', 'templates/forms/forgot.tpl', 'conf/config.php', 'templates/usermenus/top.tpl', 'templates/forms/settings.tpl', 'templates/my_page/user_setting.tpl');
            $content[] = '<pre>';
            userUpdatefiles($files, $content);
            // Change-log files are read from fixed paths under PHPWS_SOURCE_DIR
            // and only when not running inside a branch.
            if (!PHPWS_Boost::inBranch()) {
                $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_4_0.txt');
            }
            $content[] = '</pre>';
        case version_compare($currentVersion, '2.4.1', '<'):
            $content[] = '<pre>';
            $files = array('conf/languages.php');
            userUpdateFiles($files, $content);
            $content[] = '
2.4.1 changes
------------------------
+ Default item id on permission check functions is now zero instead of
  null. This will make checking permissions a little easier on new items.
+ Bug #1690657 - Changed group select js property to onclick instead
  of onchange. Thanks singletrack.
+ Changed the language abbreviation for Danish
</pre>
';
        case version_compare($currentVersion, '2.4.2', '<'):
            $content[] = '<pre>';
            $files = array('templates/usermenus/Default.tpl');
            userUpdateFiles($files, $content);
            if (!PHPWS_Boost::inBranch()) {
                $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_4_2.txt');
            }
            $content[] = '</pre>';
        case version_compare($currentVersion, '2.4.3', '<'):
            $content[] = '<pre>';
            if (!PHPWS_Boost::inBranch()) {
                $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_4_3.txt');
            }
            $content[] = '</pre>';
        case version_compare($currentVersion, '2.4.4', '<'):
            $content[] = '<pre>';
            // Copies the module's javascript directory into the site's home
            // directory; a failed copy is reported in $content but does not
            // stop the update.
            $source_dir = PHPWS_SOURCE_DIR . 'mod/users/javascript/';
            $dest_dir = $home_dir . 'javascript/modules/users/';
            if (PHPWS_File::copy_directory($source_dir, $dest_dir, true)) {
                $content[] = "--- Successfully copied {$source_dir} to {$dest_dir}";
            } else {
                $content[] = "--- Could not copy {$source_dir} to {$dest_dir}";
            }
            $files = array('conf/error.php', 'templates/forms/permissions.tpl', 'templates/forms/permission_pop.tpl');
            userUpdateFiles($files, $content);
            if (!PHPWS_Boost::inBranch()) {
                $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_4_4.txt');
            }
            $content[] = '</pre>';
        case version_compare($currentVersion, '2.4.5', '<'):
            $content[] = '<pre>';
            $files = array('conf/error.php', 'conf/languages.php', 'templates/forms/settings.tpl', 'templates/manager/groups.tpl');
            userUpdateFiles($files, $content);
            if (!PHPWS_Boost::inBranch()) {
                $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_4_5.txt');
            }
            $content[] = '</pre>';
        case version_compare($currentVersion, '2.4.6', '<'):
            $content[] = '<pre>';
            $files = array('templates/forms/forgot.tpl');
            userUpdateFiles($files, $content);
            if (!PHPWS_Boost::inBranch()) {
                $content[] = '
2.4.6 changes
-------------------
+ Added error check to permission menu.
+ Error for missing user groups now reports user id.
+ Forgot password will work if CAPTCHA is disabled.
+ Using new savePermissions function instead of save.
+ Current_User was calling giveItemPermissions incorrectly.';
            }
            $content[] = '</pre>';
        case version_compare($currentVersion, '2.4.7', '<'):
            $content[] = '<pre>
2.4.7 changes
-------------------
+ Removed global authorization from change password check since it is not
  written yet.
</pre>';
        case version_compare($currentVersion, '2.4.9', '<'):
            $content[] = '<pre>';
            // On branch sites: for every user flagged deity = 1 that has no
            // row in users_groups, insert an active group named after the user.
            if (PHPWS_Core::isBranch() || PHPWS_Boost::inBranch()) {
                $user_db = new PHPWS_DB('users');
                $user_db->addWhere('deity', 1);
                $user_db->addColumn('id');
                $user_db->addColumn('username');
                $user_db->setIndexBy('id');
                $user_ids = $user_db->select('col');
                if (!empty($user_ids) && !PHPWS_Error::logIfError($user_ids)) {
                    $group_db = new PHPWS_DB('users_groups');
                    foreach ($user_ids as $id => $username) {
                        $group_db->addWhere('user_id', $id);
                        $result = $group_db->select('row');
                        if (!$result) {
                            $group_db->reset();
                            $group_db->addValue('active', 1);
                            $group_db->addValue('name', $username);
                            $group_db->addValue('user_id', $id);
                            if (!PHPWS_Error::logIfError($group_db->insert())) {
                                // NOTE(review): the next line is damaged in this
                                // listing ('******' stands where source text was
                                // lost). The end of the message, the closing
                                // braces of the nested blocks and the start of
                                // the 2.4.9 change log are missing; restore them
                                // from the original file before using this code.
                                $content[] = '--- Created missing group for user: '******'2.4.9 changes
-----------------
+ Raised sql character limit in default username, display_name, and
  group name installs.
+ Fixed bug with forbidden usernames
+ Added a function to group to remove its permissions upon deletion.
+ Bookmark won\'t return a user to a authkey page if their session dies.
+ Fixed bug #1850815 : unknown function itemIsAllowed in Permission.php
+ My Pages are unregistered on module removal.
+ My Page tab stays fixed.
</pre>';
        case version_compare($currentVersion, '2.5.0', '<'):
            $content[] = '<pre>';
            $files = array('templates/forms/memberlist.tpl', 'templates/forms/userForm.tpl', 'javascript/generate/head.js', 'templates/manager/groups.tpl', 'templates/manager/users.tpl');
            userUpdateFiles($files, $content);
            $content[] = '2.5.0 changes
-------------------
+ Members\' names alphabetized
+ New user email notification added.
+ Fixed member listing  dropping names past 10.
+ Added random password generator on user edit form.
+ Removed reference from Action.php causing php notice.
+ Changed redundant static method call in Permission.
+ Added dash to allowed display name characters.
+ Added \\pL to display name characters.
+ Users will now query modules should a user get deleted.
+ Added an error check to Permissions.
+ Users will now look for remove_user.php in all modules\' inc/
  directory in order to run the remove_user function.
+ Using pager\'s addSortHeaders in user and group listing
+ Added display name to pager search.
</pre>';
        case version_compare($currentVersion, '2.6.0', '<'):
            $content[] = '<pre>';
            Users_Permission::registerPermissions('users', $content);
            // Stores the id of the 'local.php' auth script row as the
            // 'local_script' setting. NOTE(review): the select result is not
            // checked for an error before it is saved.
            $db = new PHPWS_DB('users_auth_scripts');
            $db->addWhere('filename', 'local.php');
            $db->addColumn('id');
            $auth_id = $db->select('one');
            PHPWS_Settings::set('users', 'local_script', $auth_id);
            PHPWS_Settings::save('users');
            $files = array('conf/languages.php', 'templates/my_page/user_setting.tpl', 'templates/usermenus/css.tpl', 'img/permission.png', 'templates/forms/userForm.tpl');
            userUpdateFiles($files, $content);
            if (!PHPWS_Boost::inBranch()) {
                $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_6_0.txt');
            }
            $content[] = '</pre>';
        case version_compare($currentVersion, '2.6.1', '<'):
            $content[] = '<pre>2.6.1 changes
------------------
+ requireLogin now reroutes dependant on the user authorization
+ If the user\'s group is missing when they are updated, a new one is
  properly created. Prior to the fix, a new group was created without an
  assigned user id.
+ Added error message to my page if update goes bad.
</pre>';
        case version_compare($currentVersion, '2.6.2', '<'):
            $content[] = '<pre>';
            $files = array('templates/forms/settings.tpl');
            userUpdateFiles($files, $content);
            $content[] = '2.6.2 changes
------------------
+ Moved error file to inc/
+ Blank passwords forbidden.
+ Error check added to cosign authorization.
+ php fiveasized the classes.
+ Added some needed error logging to user creation problems
+ Added ability for default user groups to be set for admin created
  and newly joined users.
+ Fixed testing on addMembers. Previous code was nonsensical.
+ _user_group id gets set upon a user object save.
</pre>';
        case version_compare($currentVersion, '2.6.3', '<'):
            $content[] = '<pre>';
            $files = array('img/deity.gif', 'img/delete.png', 'img/edit.png', 'img/man.gif', 'img/key.png', 'img/members.png', 'templates/forms/authorization.tpl', 'templates/forms/settings.tpl', 'templates/manager/users.tpl');
            userUpdateFiles($files, $content);
            // Adds users_auth_scripts.default_group. A failure is only logged,
            // and the 2.6.4 block below issues the same call again.
            $db = new PHPWS_DB('users_auth_scripts');
            PHPWS_Error::logIfError($db->addTableColumn('default_group', 'int not null default 0'));
            $content[] = '2.6.3 changes
------------------
+ Added icons for admin options under manage users and groups
+ Disabled active link in groups listing
+ Authorization scripts now have default group assignments. New
  members will assigned to a group based on their authorization
  method.
+ Removed default group by user or admin from settings.
+ Added ability to view users by whether or not they are in a
  particular group.
+ Added pager caching to group listing
+ Display name may now not be the same as another user\'s username
+ Extended user name error to include display name
+ Added empty password check to ldap script
</pre>';
        case version_compare($currentVersion, '2.6.4', '<'):
            // Same addTableColumn call as in the 2.6.3 block; because of the
            // fall-through, a site updating from below 2.6.3 runs it twice and
            // any error from the second attempt is only logged.
            $db = new PHPWS_DB('users_auth_scripts');
            PHPWS_Error::logIfError($db->addTableColumn('default_group', 'int not null default 0'));
            $content[] = '<pre>2.6.4 changes
-------------------------
+ Added missing column to install.sql</pre>';
        case version_compare($currentVersion, '2.6.5', '<'):
            $content[] = '<pre>';
            userUpdateFiles(array('conf/languages.php'), $content);
            $content[] = '2.6.5 changes
-------------------------
+ Added missing column to install.sql</pre>';
        case version_compare($currentVersion, '2.6.6', '<'):
            $content[] = '<pre>';
            userUpdateFiles(array('templates/forms/userForm.tpl'), $content);
            $content[] = '2.6.6 changes
        -----------------------
+ Graceful recovery from broken authentication scripts.
+ Authorization script made deity only
+ Fixed default groups on external authentication
+ Deleted auth scripts will update users under it to use local instead.
+ The user constructor was trying to load the authorization script on
  failed users. Thanks Verdon.</pre>';
        case version_compare($currentVersion, '2.7.0', '<'):
            $content[] = '<pre>2.7.0 changes
-------------------------
+ Usernames and passwords can not be changed on non local users
+ Added switch to settings to prevent admins from making new users
+ Site admin can be set by non-deities again
+ Fixed bug with users able to change password on alternate auth.
+ Fixed some bugs with user creation and editing with alternate authentication.
+ Hiding permissions and members in create group form
+ Icon class implemented.
+ Strict PHP 5 changes made.
</pre>';
        case version_compare($currentVersion, '2.7.1', '<'):
            $content[] = '<pre>2.7.1 changes
-------------------------
+ Improved cosign script
+ Fixed errors getting dropped without logging.
</pre>';
        case version_compare($currentVersion, '2.7.2', '<'):
            $content[] = '<pre>2.7.2 changes
-------------------------
+ Fixed multiple group member bug.
+ Cleaned up cosign authentication.
+ Current_User requireLogin to use login_link instead of login_url
+ New User form now properly respects the "settings" permission for showing
  user authentication script option.
+ User constuction allow username parameter.
+ Trim whitespace from user email addresses. Don\'t modify the member variable
  unless all the sanity checks passed.
</pre>';
        case version_compare($currentVersion, '2.7.3', '<'):
            // Loads the users module's Action.php and runs its permission-table check.
            PHPWS_Core::initModClass('users', 'Action.php');
            User_Action::checkPermissionTables();
            $content[] = '<pre>2.7.3 changes
------------------------
+ Update permissions
</pre>';
        case version_compare($currentVersion, '2.7.4', '<'):
            $content[] = '<pre>2.7.4 changes
------------------------
+ Fixed 500 error on My Page
</pre>';
        case version_compare($currentVersion, '2.7.5', '<'):
            $content[] = '<pre>2.7.5 changes
------------------------
+ Loosened group name restrictions
+ User edit page shows group membership
</pre>';
        case version_compare($currentVersion, '2.7.6', '<'):
            $content[] = '<pre>2.7.6 changes
------------------------
+ Updated icons to Font Awesome
+ Email addresses may now be used as user names.
+ Static method call fixed.
+ Added exception error for missing authorization file.
+ My Page no longer is using tabs as other modules use of My Page have been removed.
+ css.tpl template rewritten. Login now works closer with authentication script.
    - drop down no longer contains Home or Control Panel. Account link added - takes
        user to their account page to change their password.
</pre>';
        case version_compare($currentVersion, '2.8.0', '<'):
            $content[] = <<<EOF
<pre>2.8.0 changes
-----------------
+ Added suggested bootstrap classes from TRF
+ Removed call to nonexistent method.
+ Moved icons to left and set admin-icons class to column.
+ Added FA icon here for mini admin
+ Changed to ensure users_auth_scripts table was created properly
+ Session timeouts are now tracked. Warning to user given before failure.
</pre>
EOF;
        case version_compare($currentVersion, '2.8.1', '<'):
            // Sets the 'session_warning' setting to 0 on update; per the change
            // log below, sites that want it must re-enable it in settings.
            \PHPWS_Settings::set('users', 'session_warning', 0);
            \PHPWS_Settings::save('users');
            $content[] = <<<EOF
<pre>2.8.1 changes
-----------------
+ Changing default on user session to false. If you want it enabled, do so in settings.
</pre>
EOF;
        case version_compare($currentVersion, '2.8.2', '<'):
            $content[] = <<<EOF
<pre>2.8.2 changes
-----------------
+ Bug Fix: Unstyled permission pop up.
</pre>
EOF;
    }
    // End of switch statement
    return TRUE;
}
Ejemplo n.º 5
    include '../../core/conf/404.html';
    exit;
}
// Entry script of the users module: requires an 'action' request parameter,
// makes sure the user class is available, then hands control to the matching
// User_Action handler. Action values not listed below do nothing.
if (!isset($_REQUEST['action'])) {
    PHPWS_Core::errorPage('404');
}

if (!class_exists('PHPWS_User')) {
    // The logged text names 'PHPWS_Users' although the class tested is
    // PHPWS_User; kept as in the original message.
    PHPWS_Error::log('PHPWS_CLASS_NOT_CONSTRUCTED', 'core', NULL, 'Class: PHPWS_Users');
    return;
}

PHPWS_Core::initModClass('users', 'Action.php');

// The action name is request-controlled (GET, POST or cookie, depending on
// how $_REQUEST is configured). Access checks are not visible here, so they
// are presumably made inside each User_Action handler; verify this for
// 'admin' and 'permission'.
$users_action = $_REQUEST['action'];

if ($users_action == 'user') {
    User_Action::userAction();
} elseif ($users_action == 'admin') {
    User_Action::adminAction();
} elseif ($users_action == 'permission') {
    User_Action::permission();
} elseif ($users_action == 'popup_permission') {
    // The pop-up ends the request itself instead of returning to the caller.
    User_Action::popupPermission();
    exit;
} elseif ($users_action == 'reset') {
    // NOTE(review): this replaces the session user with a fresh PHPWS_User on
    // any request carrying action=reset; no authkey check is visible here.
    // Confirm that a logout triggered by a cross-site request is acceptable.
    $_SESSION['User'] = new PHPWS_User();
    PHPWS_Core::home();
}
// End area switch
Ejemplo n.º 6
 /**
  * Returns whatever User_Action::getGroups('group') reports.
  *
  * @return mixed Result of User_Action::getGroups('group'), passed through unchanged.
  */
 public static function getAllGroups()
 {
     // Load the users module's Action.php first; it presumably declares User_Action.
     PHPWS_Core::initModClass('users', 'Action.php');
     $all_groups = User_Action::getGroups('group');

     return $all_groups;
 }
Ejemplo n.º 7
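 /**
  * Handles the "forgot password / forgot user name" form.
  *
  * Reads $_POST['fg_username'] and $_POST['fg_email']. A user name leads to a
  * password-reset email; otherwise an email address leads to a user-name
  * reminder. The message for the visitor is written to $content.
  *
  * Review notes (behaviour left as the author wrote it):
  * - The replies differ between "not found", "authorization is not checked",
  *   "email address is missing" and "sent", so an anonymous visitor can learn
  *   whether a user name or email address is registered. Deity accounts are
  *   deliberately answered with the not-found text. A single neutral reply
  *   for every outcome would close that gap.
  * - The repeated-post check (PHPWS_Core::isPosted()) runs after the account
  *   lookup, so it limits repeated emails but not repeated lookups. No other
  *   throttling is visible here; confirm it exists upstream.
  * - The quote check is a deny-list. Safe SQL handling is assumed to come
  *   from PHPWS_DB::addWhere(); verify.
  *
  * @param mixed $content Receives the message text (by reference).
  * @return bool False when the input is rejected or no account matches; true
  *              once a matching account was handled, including the cases where
  *              the email could not be sent.
  */
 public function postForgot(&$content)
 {
     if (empty($_POST['fg_username']) && empty($_POST['fg_email'])) {
         $content = dgettext('users', 'You must enter either a username or email address.');
         return false;
     }

     if (!empty($_POST['fg_username'])) {
         $username = $_POST['fg_username'];
         // Array-valued input (fg_username[]=...) cannot name an account and
         // would raise a TypeError in strip_tags()/strtolower() on PHP 8, so
         // it is answered like any unknown name.
         if (!is_string($username)
             || preg_match('/\'|"/', html_entity_decode(strip_tags($username), ENT_QUOTES))) {
             $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
             return false;
         }

         $db = new PHPWS_DB('users');
         $db->addWhere('username', strtolower($username));
         $db->addColumn('email');
         $db->addColumn('id');
         $db->addColumn('deity');
         $db->addColumn('authorize');
         $user_search = $db->select('row');

         // A database error and an empty result get the same reply.
         if (PHPWS_Error::logIfError($user_search) || empty($user_search)) {
             $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
             return false;
         }

         // Deity accounts are hidden behind the not-found reply unless
         // ALLOW_DEITY_FORGET is set; the attempt goes to the security log.
         if ($user_search['deity'] && !ALLOW_DEITY_FORGET) {
             Security::log(dgettext('users', 'Forgotten password attempt made on a deity account.'));
             $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.');
             return false;
         }

         // Only accounts whose 'authorize' value is 1 can be reset here.
         if ($user_search['authorize'] != 1) {
             $content = sprintf(dgettext('users', 'Sorry but your authorization is not checked on this site. Please contact %s for information on reseting your password.'), PHPWS_User::getUserSetting('site_contact'));
             return false;
         }

         // A repeated post gets the generic reply and sends no second email.
         if (PHPWS_Core::isPosted()) {
             $content = dgettext('users', 'Please check your email for a response.');
             return true;
         }

         if (empty($user_search['email'])) {
             $content = dgettext('users', 'Your email address is missing from your account. Please contact the site administrators.');
             PHPWS_Error::log(USER_ERR_NO_EMAIL, 'users', 'User_Action::postForgot');
             return true;
         }

         if (User_Action::emailPasswordReset($user_search['id'], $user_search['email'])) {
             $content = dgettext('users', 'We have sent you an email to reset your password.');
         } else {
             $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.');
         }
         return true;
     } elseif (!empty($_POST['fg_email'])) {
         $email = $_POST['fg_email'];
         // Same guard as for the user name: non-string input is "not found".
         if (!is_string($email)
             || preg_match('/\'|"/', html_entity_decode(strip_tags($email), ENT_QUOTES))) {
             $content = dgettext('users', 'Email address not found. Please try again.');
             return false;
         }
         if (!PHPWS_Text::isValidInput($email, 'email')) {
             $content = dgettext('users', 'Email address not found. Please try again.');
             return false;
         }

         $db = new PHPWS_DB('users');
         $db->addWhere('email', $email);
         $db->addColumn('username');
         $user_search = $db->select('row');

         if (PHPWS_Error::logIfError($user_search) || empty($user_search)) {
             $content = dgettext('users', 'Email address not found. Please try again.');
             return false;
         }

         if (PHPWS_Core::isPosted()) {
             $content = dgettext('users', 'Please check your email for a response.');
             return true;
         }

         if (User_Action::emailUsernameReminder($user_search['username'], $email)) {
             $content = dgettext('users', 'We have sent you an user name reminder. Please check your email and return to log in.');
         } else {
             $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.');
         }
         return true;
     }
 }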
Ejemplo n.º 8
 /**
  * Builds the blog module's admin settings form and renders settings.tpl.
  *
  * Every field is pre-filled from PHPWS_Settings. The purge controls are
  * added only when the current user is a deity.
  *
  * NOTE(review): 'comment_script' holds third-party embed code pasted by an
  * administrator and is presumably emitted into pages as-is. Confirm that the
  * 'post_settings' handler is limited to trusted administrators and checks
  * the authkey, since whoever can save this field can place script on blog
  * pages.
  *
  * @return mixed Result of PHPWS_Template::process() for settings.tpl.
  */
 public static function settings()
 {
     $form = new PHPWS_Form();
     $form->addHidden('module', 'blog');
     $form->addHidden('action', 'admin');
     $form->addHidden('command', 'post_settings');

     // Paging limits.
     $form->addText('blog_limit', PHPWS_Settings::get('blog', 'blog_limit'));
     $form->setSize('blog_limit', 2, 2);
     $form->setLabel('blog_limit', dgettext('blog', 'Entries shown per page'));
     $form->addCssClass('blog_limit', 'form-control');

     $form->addText('past_entries', PHPWS_Settings::get('blog', 'past_entries'));
     $form->setLabel('past_entries', dgettext('blog', 'Previous entries shown'));
     $form->setSize('past_entries', 2, 2);
     $form->addCssClass('past_entries', 'form-control');

     // On/off switches: setting name => label. Each is checked when the
     // stored setting matches 1.
     $checkbox_labels = array(
         // Show/hide posted on date
         'show_posted_date' => dgettext('blog', 'Show the date the post was made'),
         // Show/hide posted by user full name
         'show_posted_by' => dgettext('blog', 'Show the author\'s name'),
         'simple_image' => dgettext('blog', 'Use Image Manager'),
         'mod_folders_only' => dgettext('blog', 'Hide general image folders'),
         'home_page_display' => dgettext('blog', 'Show blog on home page'),
         'logged_users_only' => dgettext('blog', 'Logged user view only'),
     );
     foreach ($checkbox_labels as $setting_name => $setting_label) {
         $form->addCheck($setting_name, 1);
         $form->setLabel($setting_name, $setting_label);
         $form->setMatch($setting_name, PHPWS_Settings::get('blog', $setting_name));
     }

     // Optional restriction of the blog to selected groups; the stored value
     // is a colon-separated list.
     PHPWS_Core::initModClass('users', 'Action.php');
     $groups = User_Action::getGroups('group');
     if (!empty($groups)) {
         $group_match_str = PHPWS_Settings::get('blog', 'view_only');
         $group_match = empty($group_match_str) ? array() : explode(':', $group_match_str);

         $form->addMultiple('view_only', $groups);
         $form->setLabel('view_only', dgettext('blog', 'Limit blog to specific groups'));
         $form->setMatch('view_only', $group_match);
         $form->addCssClass('view_only', 'form-control');
     }

     $show = array(
         0 => dgettext('blog', 'Do not show'),
         1 => dgettext('blog', 'Only on home page'),
         2 => dgettext('blog', 'Always'),
     );
     $form->addSelect('show_recent', $show);
     $form->setLabel('show_recent', dgettext('blog', 'Show recent entries'));
     $form->setMatch('show_recent', PHPWS_Settings::get('blog', 'show_recent'));
     $form->addCssClass('show_recent', 'form-control');

     // Image size limits: setting name => label.
     $dimension_labels = array(
         'max_width' => dgettext('blog', 'Maximum image width (50-2048)'),
         'max_height' => dgettext('blog', 'Maximum image height (50-2048)'),
     );
     foreach ($dimension_labels as $dimension_name => $dimension_label) {
         $form->addTextField($dimension_name, PHPWS_Settings::get('blog', $dimension_name));
         $form->setLabel($dimension_name, $dimension_label);
         $form->setSize($dimension_name, 4, 4);
         $form->addCssClass($dimension_name, 'form-control');
     }

     $form->addTextArea('comment_script', PHPWS_Settings::get('blog', 'comment_script'));
     $form->setLabel('comment_script', dgettext('blog', 'Paste in your comment code here (e.g. Disqus, Livefyre, Facebook, etc.)'));
     $form->addCssClass('comment_script', 'form-control');

     $form->addSubmit(dgettext('blog', 'Save settings'));

     // Purging old entries is offered to deity users only; the date field
     // defaults to 31536000 seconds (365 days) before now.
     $date_script = null;
     if (Current_User::isDeity()) {
         $picker_options = array('format' => 'Y/m/d', 'timepicker' => false, 'id' => 'phpws_form_purge_date');
         $date_script = javascript('datetimepicker', $picker_options, false, true, true);
         $seconds_per_year = 31536000;
         $form->addText('purge_date', date('Y/m/d', time() - $seconds_per_year));
         $form->setLabel('purge_date', dgettext('blog', 'Purge all entries before this date'));
         $form->addCssClass('purge_date', 'form-control datetimepicker');
         $form->addSubmit('purge_confirm', dgettext('blog', 'Confirm purge'));
         $form->setClass('purge_confirm', 'btn btn-danger');
     }

     $template = $form->getTemplate();
     $template['date_script'] = $date_script;

     if (PHPWS_Settings::get('blog', 'allow_anonymous_submits')) {
         $menu_link_vars = array('action' => 'admin', 'command' => 'menu_submit_link');
         $template['MENU_LINK'] = PHPWS_Text::secureLink(dgettext('blog', 'Clip for menu'), 'blog', $menu_link_vars);
     }

     $template['VIEW_LABEL'] = dgettext('blog', 'View');
     $template['SUBMISSION_LABEL'] = dgettext('blog', 'Submission');
     $template['PAST_NOTE'] = dgettext('blog', 'Set to zero to prevent display');
     $template['COMMENTS_LABEL'] = dgettext('blog', 'Commenting');

     return PHPWS_Template::process($template, 'blog', 'settings.tpl');
 }
Ejemplo n.º 9
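 /**
  * Logs in a user according to their authorization setting.
  *
  * Looks the username up in the local users table, loads the authorization
  * script for that user, asks it to authenticate with the supplied password
  * and, on success, stores the user object in $_SESSION['User'].
  *
  * If the authorization script reports success for a username with no local
  * record and has create_new_user set, a local account is created, marked
  * active and approved, and assigned the default group.
  *
  * @param string      $username Login name; rejected when allowUsername() refuses it
  * @param string|null $password Passed unchanged to the authorization object
  *
  * @return mixed true on success, false on failure, or the error value
  *               produced by PHPWS_Error / the database or authorization layer
  */
 public static function loginUser($username, $password = null)
 {
     if (!Current_User::allowUsername($username)) {
         return PHPWS_Error::get(USER_BAD_CHARACTERS, 'users', 'Current_User::loginUser');
     }

     // First check if they are currently a user
     $user = new PHPWS_User();
     $db = new PHPWS_DB('users');
     $db->addWhere('username', strtolower($username));
     $loaded = $db->loadObject($user);
     if (PHPWS_Error::isError($loaded)) {
         return $loaded;
     }

     if ($loaded == false) {
         // No local record: carry the name forward so the authorization
         // script can decide whether this user exists elsewhere.
         if (PHPWS_Error::logIfError($user->setUsername($username))) {
             return false;
         }
     } else {
         // This user is in the local database
         // NOTE(review): this error is returned before the password is
         // checked, so an unapproved account answers differently from an
         // unknown one; confirm the caller shows a generic failure message.
         if (!$user->approved) {
             return PHPWS_Error::get(USER_NOT_APPROVED, 'users', 'Current_User::loginUser');
         }
         if (!$user->loadScript()) {
             Layout::add(dgettext('users', 'Could not load authentication script. Please contact site administrator.'));
             return false;
         }
     }

     if (!Current_User::loadAuthorization($user)) {
         Layout::add(dgettext('users', 'Could not load authentication script. Please contact site administrator.'));
         return false;
     }

     $auth = Current_User::getAuthorization();
     $auth->setPassword($password);
     $authenticated = $auth->authenticate();
     if (PHPWS_Error::isError($authenticated)) {
         return $authenticated;
     }

     // Any truthy, non-error value counts as success here.
     // NOTE(review): confirm every authorization script returns a strict
     // boolean from authenticate(), otherwise a non-empty string or non-zero
     // code would be accepted as a successful login.
     if (!$authenticated) {
         return false;
     }

     // If the user id is zero and the authorization wants a new
     // user created
     if (!$user->id && $auth->create_new_user) {
         $user->setActive(true);
         $user->setApproved(true);
         $auth->createUser();
         // A failed save must not fall through to a logged-in session for an
         // account that was never stored (and so has no id or groups).
         if (PHPWS_Error::logIfError($user->save())) {
             return false;
         }
         PHPWS_Core::initModClass('users', 'Action.php');
         User_Action::assignDefaultGroup($user);
     }

     if (!$user->active) {
         return PHPWS_Error::get(USER_DEACTIVATED, 'users', 'Current_User::loginUser', $user->username);
     }

     if ($auth->localUser()) {
         $user->login();
     }

     // Switch to a fresh session id at the moment the session becomes
     // authenticated, so an id issued before login is not carried over.
     // Nothing else visible in this method does so.
     if (session_id() !== '' && !headers_sent()) {
         session_regenerate_id(true);
     }

     unset($_SESSION['User']);
     $_SESSION['User'] = $user;
     return true;
 }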