/**
* Load the form
*/
private function loadForm()
{
// create user objects
$this->user = new BackendUser($this->id);
$this->allowUserRights = BackendAuthentication::isAllowedAction('Add') || $this->authenticatedUser->getUserId() != $this->id || $this->authenticatedUser->isGod();
// redirect to error page when not allowed to edit other profiles
if (!$this->authenticatedUser->isGod() && ($this->authenticatedUser->getUserId() != $this->id && !BackendAuthentication::isAllowedAction('Add'))) {
$this->redirect(BackendModel::createURLForAction('Error') . '&type=not-allowed');
}
// create form
$this->frm = new BackendForm('edit');
// get active groups
$groups = BackendGroupsModel::getGroupsByUser($this->id);
// loop through groups and set checked
foreach ($groups as $group) {
$checkedGroups[] = $group['id'];
}
// create elements
// profile
$this->frm->addText('email', $this->record['email'], 255)->setAttribute('type', 'email');
if ($this->user->isGod()) {
$this->frm->getField('email')->setAttributes(array('disabled' => 'disabled'));
}
$this->frm->addText('name', $this->record['settings']['name'], 255);
$this->frm->addText('surname', $this->record['settings']['surname'], 255);
$this->frm->addText('nickname', $this->record['settings']['nickname'], 24);
$this->frm->addImage('avatar');
// password
// check if we're god or same user
if ($this->authenticatedUser->getUserId() == $this->id || $this->authenticatedUser->isGod()) {
// allow to set new password
$this->frm->addPassword('new_password', null, 75);
$this->frm->addPassword('confirm_password', null, 75);
// disable autocomplete
$this->frm->getField('new_password')->setAttributes(array('autocomplete' => 'off'));
$this->frm->getField('confirm_password')->setAttributes(array('autocomplete' => 'off'));
}
// settings
$this->frm->addDropdown('interface_language', BL::getInterfaceLanguages(), $this->record['settings']['interface_language']);
$this->frm->addDropdown('date_format', BackendUsersModel::getDateFormats(), $this->user->getSetting('date_format'));
$this->frm->addDropdown('time_format', BackendUsersModel::getTimeFormats(), $this->user->getSetting('time_format'));
$this->frm->addDropdown('number_format', BackendUsersModel::getNumberFormats(), $this->user->getSetting('number_format', 'dot_nothing'));
$this->frm->addDropdown('csv_split_character', BackendUsersModel::getCSVSplitCharacters(), $this->user->getSetting('csv_split_character'));
$this->frm->addDropdown('csv_line_ending', BackendUsersModel::getCSVLineEndings(), $this->user->getSetting('csv_line_ending'));
// permissions
$this->frm->addCheckbox('active', $this->record['active'] == 'Y');
// only when GOD or when you can edit other users
if ($this->allowUserRights) {
// disable active field for current users
if ($this->authenticatedUser->getUserId() == $this->record['id']) {
$this->frm->getField('active')->setAttribute('disabled', 'disabled');
}
// @TODO remove this when the api is kicked out
$this->frm->addCheckbox('api_access', isset($this->record['settings']['api_access']) && $this->record['settings']['api_access'] == 'Y');
$this->frm->addMultiCheckbox('groups', BackendGroupsModel::getAll(), $checkedGroups);
}
}
/**
* Execute the action
*/
public function execute()
{
// get parameters
$this->id = $this->getParameter('id', 'int');
// does the user exist
if ($this->id !== null && BackendUsersModel::exists($this->id) && BackendAuthentication::getUser()->getUserId() != $this->id) {
parent::execute();
// get data
$user = new BackendUser($this->id);
// God-users can't be deleted
if ($user->isGod()) {
$this->redirect(BackendModel::createURLForAction('Index') . '&error=cant-delete-god');
}
// delete item
BackendUsersModel::delete($this->id);
// trigger event
BackendModel::triggerEvent($this->getModule(), 'after_delete', array('id' => $this->id));
// item was deleted, so redirect
$this->redirect(BackendModel::createURLForAction('Index') . '&report=deleted&var=' . $user->getSetting('nickname'));
} else {
$this->redirect(BackendModel::createURLForAction('Index') . '&error=non-existing');
}
}
/**
* Execute the action
*/
public function execute()
{
$email = $this->getParameter('email', 'string');
// does the user exist
if ($email !== null) {
parent::execute();
// delete item
if (BackendUsersModel::undoDelete($email)) {
// get user
$user = new BackendUser(null, $email);
// trigger event
$item = array('id' => $user->getUserId(), 'email' => $email);
BackendModel::triggerEvent($this->getModule(), 'after_undelete', array('item' => $item));
// item was deleted, so redirect
$this->redirect(BackendModel::createURLForAction('edit') . '&id=' . $user->getUserId() . '&report=restored&var=' . $user->getSetting('nickname') . '&highlight=row-' . $user->getUserId());
} else {
// invalid user
$this->redirect(BackendModel::createURLForAction('index') . '&error=non-existing');
}
} else {
$this->redirect(BackendModel::createURLForAction('index') . '&error=non-existing');
}
}
/**
* Remove a device from a user.
*
* @param string $uri The uri of the channel opened for the device.
* @param string $email The emailaddress for the user to link the device to.
*/
public static function microsoftRemoveDevice($uri, $email)
{
if (BaseAPI::isAuthorized()) {
// redefine
$uri = (string) $uri;
// validate
if ($uri == '') {
BaseAPI::output(BaseAPI::BAD_REQUEST, array('message' => 'No uri-parameter provided.'));
}
if ($email == '') {
BaseAPI::output(BaseAPI::BAD_REQUEST, array('message' => 'No email-parameter provided.'));
}
try {
// load user
$user = new User(null, $email);
// get current uris
$uris = (array) $user->getSetting('microsoft_channel_uri');
// not already in array?
$index = array_search($uri, $uris);
if ($index !== false) {
// remove from array
unset($uris[$index]);
// save it
$user->setSetting('microsoft_channel_uri', $uris);
}
} catch (Exception $e) {
BaseAPI::output(BaseAPI::FORBIDDEN, array('message' => 'Can\'t authenticate you.'));
}
}
}
/**
* Returns the encrypted password for a user by giving a email/password
* Returns false if no user was found for this user/pass combination
*
* @param string $email The email.
* @param string $password The password.
*
* @return string
*/
public static function getEncryptedPassword($email, $password)
{
$email = (string) $email;
$password = (string) $password;
// fetch user ID by email
$userId = BackendUsersModel::getIdByEmail($email);
// check if a user ID was found, return false if no user exists
if ($userId === false) {
return false;
}
// fetch user record
$user = new User($userId);
$key = $user->getSetting('password_key');
// return the encrypted string
return (string) self::getEncryptedString($password, $key);
}
/**
* Default authentication
*
* @return bool
*/
public static function isAuthorized()
{
// grab data
$email = \SpoonFilter::getGetValue('email', null, '');
$nonce = \SpoonFilter::getGetValue('nonce', null, '');
$secret = \SpoonFilter::getGetValue('secret', null, '');
// data can be available in the POST, so check it
if ($email == '') {
$email = \SpoonFilter::getPostValue('email', null, '');
}
if ($nonce == '') {
$nonce = \SpoonFilter::getPostValue('nonce', null, '');
}
if ($secret == '') {
$secret = \SpoonFilter::getPostValue('secret', null, '');
}
// check if needed elements are available
if ($email === '' || $nonce === '' || $secret === '') {
return self::output(self::NOT_AUTHORIZED, array('message' => 'Not authorized.'));
}
// get the user
try {
$user = new BackendUser(null, $email);
} catch (\Exception $e) {
return self::output(self::FORBIDDEN, array('message' => 'This account does not exist.'));
}
// get settings
$apiAccess = $user->getSetting('api_access', false);
$apiKey = $user->getSetting('api_key');
// no API-access
if (!$apiAccess) {
return self::output(self::FORBIDDEN, array('message' => 'Your account isn\'t allowed to use the API. Contact an administrator.'));
}
// create hash
$hash = BackendAuthentication::getEncryptedString($email . $apiKey, $nonce);
// output
if ($secret != $hash) {
return self::output(self::FORBIDDEN, array('message' => 'Invalid secret.'));
}
// return
return true;
}
/**
* Get the HTML for a user to use in a datagrid
*
* @param int $id The Id of the user.
* @return string
*/
public static function getUser($id)
{
$id = (int) $id;
// nothing in cache
if (!isset(self::$dataGridUsers[$id])) {
// create user instance
$user = new User($id);
// get settings
$avatar = $user->getSetting('avatar', 'no-avatar.gif');
$nickname = $user->getSetting('nickname');
$allowed = Authentication::isAllowedAction('Edit', 'Users');
// build html
$html = '<div class="dataGridAvatar">' . "\n";
$html .= ' <div class="avatar av24">' . "\n";
if ($allowed) {
$html .= ' <a href="' . BackendModel::createURLForAction('Edit', 'Users') . '&id=' . $id . '">' . "\n";
}
$html .= ' <img src="' . FRONTEND_FILES_URL . '/backend_users/avatars/32x32/' . $avatar . '" width="24" height="24" alt="' . $nickname . '" />' . "\n";
if ($allowed) {
$html .= ' </a>' . "\n";
}
$html .= ' </div>';
$html .= ' <p><a href="' . BackendModel::createURLForAction('edit', 'users') . '&id=' . $id . '">' . $nickname . '</a></p>' . "\n";
$html .= '</div>';
self::$dataGridUsers[$id] = $html;
}
return self::$dataGridUsers[$id];
}
/**
* Update the user password
*
* @param BackendUser $user An instance of BackendUser.
* @param string $password The new password for the user.
*/
public static function updatePassword(BackendUser $user, $password)
{
// fetch user info
$userId = $user->getUserId();
$key = $user->getSetting('password_key');
// update user
BackendModel::getContainer()->get('database')->update('users', array('password' => BackendAuthentication::getEncryptedString((string) $password, $key)), 'id = ?', $userId);
// remove the user settings linked to the resetting of passwords
self::deleteResetPasswordSettings($userId);
}
