/**
 * Test helper: builds and saves a User with randomised name, username and
 * email.
 *
 * @param string|null $password Stored as given; when falsy, microtime() is
 *                              used so the account still carries a password.
 * @param array|null  $group    Group row; only its 'id' is read. Falsy means
 *                              group 3.
 *
 * @return User The saved user.
 */
function createUser($password = null, $group = null)
{
    $groupId = $group ? $group['id'] : 3;

    $attributes = [
        'name'     => 'user-' . mkRandomHash(5) . '-name',
        'username' => 'user-' . mkRandomHash(5) . '-username',
        'email'    => 'user-' . mkRandomHash(5) . '*****@*****.**',
        'password' => $password ?: microtime(),
        'group_id' => $groupId,
    ];

    $fixture = new User($attributes);
    $fixture->save();

    return $fixture;
}
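/**
 * Save user.
 *
 * Updates the user identified by $id from the submitted model params. The
 * password is applied through setPassword() and the 'password' key is removed
 * from the params before set() is called, so the raw value is never
 * mass-assigned. An unknown id yields the 404 page.
 *
 * @param integer $id
 */
public function saveAction($id)
{
    $this->addCrumb($this->translate('edit'), $this->generateUrl('admin_edit_user'));

    // Fetch the user; an unknown id previously fell through to a method call
    // on null, so respond with the 404 page instead.
    $user = User::find($id);
    if (!$user) {
        return $this->show404();
    }

    $params = $this->modelParams();

    // Update password only when one was submitted.
    if (!empty($params['password'])) {
        $user->setPassword($params['password']);
    }

    // Never mass-assign the password field.
    unset($params['password']);

    // Set the rest of the params
    $user->set($params);

    if ($user->save()) {
        return $this->redirectTo('admin_users');
    }

    $this->set('user', $user);

    return $this->respondTo(function ($format) use ($user) {
        if ($format == "html") {
            return $this->render('admin/users/edit.phtml');
        } elseif ($format == "json") {
            return $this->jsonResponse($user);
        }
    });
}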
/**
 * Create session.
 *
 * Looks the user up by the posted username and, when the posted password
 * authenticates, redirects to the root route with the 'traq' cookie set to the
 * user's session_hash. Otherwise the login form is re-rendered with an error
 * flag.
 */
public function createAction()
{
    $user = User::find('username', Request::$post->get('username'));

    // authenticate() is only consulted when a user row was found.
    $authenticated = $user && $user->authenticate(Request::$post->get('password'));

    if (!$authenticated) {
        return $this->render('sessions/new.phtml', ['error' => true]);
    }

    return $this->redirectTo('root')->addCookie('traq', $user['session_hash']);
}
/**
 * Base controller bootstrap: starts the PHP session, resolves the current
 * project from the 'pslug' route property and the current user from the
 * 'traq' cookie, publishes both via $GLOBALS and view variables, and
 * registers the before-hooks for project visibility and forced password
 * upgrade.
 */
public function __construct()
{
    // parent::__construct();

    session_start();
    $this->db = $GLOBALS['db'];
    $this->title(setting('title'));
    $this->set('traq', $this);

    // Is this an overlay request?
    if (Request::$headers->has('X-Overlay')) {
        $this->isOverlay = true;
        $this->layout = false;
    }

    // Are we on a project page?
    if ($projectSlug = Request::$properties->get('pslug')) {
        $this->currentProject = Project::where('slug = ?')->setParameter(0, $projectSlug)->fetch();
    }

    // Is the user logged in?
    // The 'traq' cookie is client-supplied; it is matched against u.login_hash
    // below as a bound parameter, never interpolated into the query.
    if (isset($_COOKIE['traq']) && ($sessionHash = $_COOKIE['traq'])) {
        $user = User::select('u.*', 'g.is_admin')->leftJoin('u', PREFIX . 'usergroups', 'g', 'g.id = u.group_id');

        // Project role
        // NOTE(review): this join is keyed on r.user_id only and is not
        // restricted to the current project's id, unlike the other constructor
        // on this page which binds pur.project_id. Verify that project_role_id
        // cannot be picked up from a different project here.
        if ($this->currentProject) {
            $user->addSelect('r.project_role_id')->leftJoin('u', PREFIX . 'user_roles', 'r', 'r.user_id = u.id');
        }

        // By session
        if ($sessionHash) {
            $user->where('u.login_hash = :login_hash')->setParameter('login_hash', $sessionHash);
        }

        // By API key
        // if ($apiKey) {
        // }

        $this->currentUser = $user->fetch();
    }

    // Set current user
    $GLOBALS['currentUser'] = $this->currentUser;
    $this->set('currentUser', $this->currentUser);

    // Set current project
    $GLOBALS['currentProject'] = $this->currentProject;
    $this->set('currentProject', $this->currentProject);

    // Set title
    if ($this->currentProject) {
        $this->title($this->currentProject['name']);
    }

    // Check permission
    $this->before('*', function () use ($projectSlug) {
        // Check if project exists. An unknown slug and a missing 'view'
        // permission both produce a 404 (not 403), which also avoids revealing
        // whether a project with that slug exists.
        if ($projectSlug && !$this->currentProject || $projectSlug && !$this->hasPermission('view')) {
            return $this->show404();
        }
    });

    // Users whose stored hash is still 'sha1' are redirected to the password
    // page on every request except the UserCP and Sessions controllers.
    $this->before('*', function () {
        if ($this->currentUser && $this->currentUser['password_ver'] == 'sha1' && Request::$properties->get('controller') != 'Traq\\Controllers\\UserCP' && Request::$properties->get('controller') != 'Traq\\Controllers\\Sessions') {
            return $this->redirectTo('usercp_password');
        }
    });
}
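/**
 * Migrate database and create admin account.
 *
 * Reads the database settings and admin account details collected by the
 * earlier install steps from $_SESSION, runs the migrations, creates the
 * admin user (group_id 1), seeds defaults and finally removes those session
 * keys.
 */
public function installAction()
{
    // Create database connection and load migrations. The returned handle was
    // previously stored in an unused local; ConnectionManager keeps it.
    ConnectionManager::create($_SESSION['db']);
    $this->loadMigrations();

    // Migrate the database.
    $migrator = new Migrator();
    $migrator->migrate('up');

    // Create admin account. Array union keeps every key already present in the
    // session's admin details and only fills 'name' and 'group_id' when absent.
    $admin = new User($_SESSION['admin'] + [
        'name'     => $_SESSION['admin']['username'],
        'group_id' => 1,
    ]);
    $admin->save();

    // Set config file contents
    $this->set("config", $this->makeConfig());

    // Insert defaults
    $seeder = new Seeder();
    $seeder->seed();

    // Remove database and account details from the session now that they are
    // persisted; they presumably include the credentials entered earlier.
    unset($_SESSION['db'], $_SESSION['admin']);

    $this->title("Complete");

    return $this->render("complete.phtml");
}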
/**
 * User profile page.
 *
 * Renders profile/show.phtml for the user with the given id, or the 404 page
 * when no such user exists.
 *
 * @param integer $id
 */
public function showAction($id)
{
    $profile = User::find($id);

    // Unknown id: 404 rather than a broken profile page.
    if (!$profile) {
        return $this->show404();
    }

    // Title: the "users" section, then the user's own name.
    $this->title($this->translate('users'));
    $this->title($profile->name);

    $this->set('profile', $profile);

    return $this->render("profile/show.phtml");
}
/**
 * Validate and create account.
 *
 * Builds a User from the registration params. On validation success it is
 * saved and, when the 'email_validation' setting is on, an activation code row
 * is inserted and an activation notification sent before the login form is
 * shown; otherwise the browser is redirected to the login route. Validation
 * failures re-render the registration form with the user attached.
 */
public function createAction()
{
    $user = new User($this->userParams());

    if (!$user->validate()) {
        $this->title($this->translate('register'));
        return $this->render('users/new.phtml', ['user' => $user]);
    }

    $user->save();

    // Is email validation turned on?
    if (setting('email_validation')) {
        $activationCode = random_hash();

        // Persist the activation code for the new account.
        $this->db->insert(PREFIX . 'user_activation_codes', [
            'user_id'         => $user->id,
            'activation_code' => $activationCode,
            'type'            => 'email_validation',
        ]);

        // Send notification and render login form
        Notification::accountActivation($user, $activationCode)->send();

        return $this->render("sessions/new.phtml", ['activationRequired' => true]);
    }

    return $this->redirectTo('session_new');
}
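/**
 * Dashboard index page.
 *
 * Refreshes the update check at most once per day (86400 s) and renders the
 * dashboard with user, project and ticket counts plus the newest user.
 */
public function indexAction()
{
    // Check for update at most once per day. A missing 'last_update_check'
    // setting row previously caused a property read on null; treat it as
    // "nothing to refresh".
    $lastUpdateCheck = Setting::find('setting', 'last_update_check');
    if ($lastUpdateCheck && $lastUpdateCheck->value <= time() - 86400) {
        $this->checkForUpdate();
        $lastUpdateCheck->value = time();
        $lastUpdateCheck->save();
    }

    // Get information
    // NOTE(review): 'projects' queries the users table a second time, so it
    // always equals 'users'. It presumably should count the Project model;
    // that class is not visible in this file's scope, so it is left as is.
    $info = [
        'users'      => User::select('id')->rowCount(),
        'newestUser' => User::select('id', 'name')->orderBy('id', 'DESC')->execute()->fetch(),
        'projects'   => User::select('id')->rowCount(),
    ];

    // Issues
    $info['tickets'] = [
        'open'   => Ticket::select('id')->where('is_closed = ?')->setParameter(0, 0)->rowCount(),
        'closed' => Ticket::select('id')->where('is_closed = ?')->setParameter(0, 1)->rowCount(),
    ];

    return $this->render('admin/dashboard/index.phtml', $info);
}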
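/**
 * Create session
 *
 * Authenticates the posted username/password. Accounts that still require
 * email activation (when the 'email_validation' setting is on) are bounced
 * back to the login form; otherwise the 'traq' cookie is set to the user's
 * login_hash and the browser is redirected to the root route.
 */
public function createAction()
{
    $user = User::find('username', Request::$post->get('username'));

    if (!$user || !$user->authenticate(Request::$post->get('password'))) {
        return $this->render('sessions/new.phtml', ['error' => true]);
    }

    // Check account activation
    if (setting('email_validation') && !$user->isActivated()) {
        return $this->render("sessions/new.phtml", ['activationRequired' => true]);
    }

    // Cookie lifetime: 8 weeks (2 * 4 * 7 days) in seconds. The previous
    // expression carried a trailing "* 60", which stretched the session cookie
    // to roughly nine years.
    $expires = time() + 2 * 4 * 7 * 24 * 60 * 60;

    // NOTE(review): addCookie's parameters beyond the path are not visible
    // here; if it accepts HttpOnly/Secure flags they belong on this cookie.
    $response = new RedirectResponse(routeUrl('root'));
    $response->addCookie('traq', $user->login_hash, $expires, '/');

    return $response;
}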
/**
 * Add project member.
 *
 * Validates the posted username (present, matches an existing user who is not
 * already a member of the current project) and role_id (present, matches an
 * existing role that is global, project_id 0, or belongs to the current
 * project). Any error re-renders the form; otherwise a UserRole row is saved.
 *
 * @return \Avalon\Http\RedirectResponse|\Avalon\Http\Response
 */
public function createAction()
{
    $errors = [];

    $user = User::find('username', Request::$post->get('username'));
    $role = ProjectRole::find(Request::$post->get('role_id'));

    // Username: required, must match an existing user.
    $usernameMissing = !Request::$post->has('username') || Request::$post->get('username') == '';
    if ($usernameMissing) {
        $errors['username'] = $this->translate('errors.validations.required', [
            'field' => $this->translate('username'),
        ]);
    } elseif (!$user) {
        $errors['username'] = $this->translate('errors.users.doesnt_exist');
    }

    // Existing membership is only checked once the user resolved.
    if ($user) {
        $membership = UserRole::select('id')
            ->where('project_id = ?')->setParameter(0, $this->currentProject['id'])
            ->andWhere('user_id = ?')->setParameter(1, $user->id)
            ->execute();

        if (isset($membership) && $membership->rowCount() > 0) {
            $errors['username'] = $this->translate('errors.users.already_a_project_member');
        }
    }

    // Role: required, must exist, and must be global or belong to this project.
    if (Request::$post->get('role_id', '') == '') {
        $errors['role_id'] = $this->translate('errors.validations.required', [
            'field' => $this->translate('role'),
        ]);
    }

    if (!$role) {
        $errors['role'] = $this->translate('errors.roles.doesnt_exist');
    } elseif ($role->project_id != 0 && $role->project_id != $this->currentProject['id']) {
        $errors['role'] = $this->translate('errors.roles.invalid_role');
    }

    if ($errors !== []) {
        return $this->render('project_settings/members/new.phtml', ['errors' => $errors]);
    }

    $userRole = new UserRole([
        'project_id'      => $this->currentProject['id'],
        'project_role_id' => $role->id,
        'user_id'         => $user->id,
    ]);
    $userRole->save();

    return $this->redirectTo('project_settings_members');
}
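<?php
/*!
 * Traq Lite
 * Copyright (c) 2009-2016 Jack P.
 * https://github.com/nirix/traq-lite
 *
 * Licensed under the BSD 3-Clause license.
 */

use Traq\Models\User;

/*
 * Admin: create user.
 *
 * On GET an empty User is exposed to the view. On POST the posted fields are
 * validated via User::validate() and inserted with bound parameters; the
 * password is stored with password_hash() and a fresh session_hash is
 * generated server-side.
 */
$user = new User();

if (Request::$method == 'POST') {
    $user = new User([
        'name'     => Request::$post['name'],
        'username' => Request::$post['username'],
        'password' => Request::$post['password'],
        'email'    => Request::$post['email'],
        'group_id' => Request::$post['group_id'],
    ]);

    if ($user->validate()) {
        // session_hash is the value a browser later presents to identify the
        // session, so it must be unpredictable. The previous
        // sha1(microtime() . time() . rand(0, 500)) had only a few thousand
        // candidates per second; random_bytes() (PHP 7+) is the CSPRNG.
        // 20 bytes -> 40 hex chars, the same width as the sha1 it replaces.
        $sessionHash = bin2hex(random_bytes(20));

        db()->beginTransaction();

        $query = db()->prepare('
            INSERT INTO ' . PREFIX . 'users (name, username, password, email, group_id, session_hash, created_at)
            VALUES(:name, :username, :password, :email, :group_id, :session_hash, NOW())
        ');
        $query->bindValue(':name', $user['name'], PDO::PARAM_STR);
        $query->bindValue(':username', $user['username'], PDO::PARAM_STR);
        $query->bindValue(':password', password_hash($user['password'], PASSWORD_DEFAULT), PDO::PARAM_STR);
        $query->bindValue(':email', $user['email'], PDO::PARAM_STR);
        $query->bindValue(':group_id', $user['group_id'], PDO::PARAM_INT);
        $query->bindValue(':session_hash', $sessionHash, PDO::PARAM_STR);
        $query->execute();

        db()->commit();

        return redirect('/admin/users');
    }
}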
/*!
 * Traq Lite
 * Copyright (c) 2009-2016 Jack P.
 * https://github.com/nirix/traq-lite
 *
 * Licensed under the BSD 3-Clause license.
 */

use Traq\Models\User;

/*
 * Admin: edit user.
 *
 * Loads the user addressed by the 'id' route property (404 when absent). On
 * POST the editable fields are copied onto the model, validated, and written
 * back with a parameterised UPDATE inside a transaction. The password column
 * is not touched by this script.
 */
$query = db()->prepare('SELECT * FROM ' . PREFIX . 'users WHERE id = ? LIMIT 1');
$query->bindValue(1, Request::$properties['id']);
$query->execute();

$row = $query->fetch();
if (!$row) {
    return show404();
}

$user = new User($row);

if (Request::$method == 'POST') {
    $user->set([
        'name'     => Request::$post['name'],
        'username' => Request::$post['username'],
        'email'    => Request::$post['email'],
        'group_id' => Request::$post['group_id'],
    ]);

    if ($user->validate()) {
        db()->beginTransaction();

        $query = db()->prepare("\n UPDATE " . PREFIX . "users\n SET name = :name,\n username = :username,\n email = :email,\n group_id = :group_id\n WHERE id = :id\n LIMIT 1\n ");

        // Every column is bound with an explicit PDO type.
        $bindings = [
            ':id'       => [$user['id'], PDO::PARAM_INT],
            ':name'     => [$user['name'], PDO::PARAM_STR],
            ':username' => [$user['username'], PDO::PARAM_STR],
            ':email'    => [$user['email'], PDO::PARAM_STR],
            ':group_id' => [$user['group_id'], PDO::PARAM_INT],
        ];
        foreach ($bindings as $placeholder => $binding) {
            $query->bindValue($placeholder, $binding[0], $binding[1]);
        }
        $query->execute();

        db()->commit();

        return redirect('/admin/users');
    }
}
/**
 * Update password.
 *
 * Requires the current password to authenticate and the new password to match
 * its confirmation before the new value is validated, hashed via setPassword()
 * and stored with password_ver = 'crypt'. On any failure the password form is
 * re-rendered with the error attached to the user.
 *
 * @return \Avalon\Http\Response
 */
public function savePasswordAction()
{
    $user = User::find($this->currentUser['id']);
    $this->set(compact('user'));

    // Wrong current password: refuse before looking at the new values.
    if (!$user->authenticate(Request::$post->get('current_password'))) {
        $user->addError('password', $this->translate('errors.incorrect_password'));
        return $this->render('usercp/password.phtml');
    }

    $newPassword = Request::$post->get('password');

    // Confirm passwords
    if ($newPassword !== Request::$post->get('password_confirmation')) {
        $user->addError('password', $this->translate('errors.validations.confirm', [
            'field' => $this->translate('password'),
        ]));
        return $this->render('usercp/password.phtml');
    }

    $user->password = $newPassword;

    if (!$user->validate()) {
        return $this->render('usercp/password.phtml');
    }

    // Validated: hash, mark the hash scheme and persist.
    $user->setPassword($newPassword);
    $user->password_ver = 'crypt';
    $user->save();

    return $this->redirectTo('usercp_password');
}
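/**
 * Creates the anonymous user and returns the ID.
 *
 * The account only serves as an owner for anonymous activity, so it gets a
 * random password that nobody knows. The email is derived from the request
 * host so that it passes the x@y.z validation.
 *
 * @return integer
 *
 * @throws \RuntimeException when the user fails to save.
 */
protected function createAnonymousUser()
{
    // Unpredictable password from the CSPRNG (random_bytes, PHP 7+); the
    // previous rand(0, 9999) . time() . microtime() value was guessable.
    $password = bin2hex(random_bytes(32));

    // For email validation, emails must match x@y.z. HTTP_HOST is supplied by
    // the client and is only used here to form a syntactically valid address.
    $host = $_SERVER['HTTP_HOST'] == 'localhost' ? 'lvh.me' : $_SERVER['HTTP_HOST'];

    $user = new User([
        'name'                  => "Anonymous",
        'username'              => "Anonymous",
        'password'              => $password,
        'password_confirmation' => $password,
        'email'                 => "noreply@" . $host,
        'group_id'              => 3,
    ]);

    // Fail loudly instead of var_dump()ing validation errors into the response
    // body and returning a null id.
    if (!$user->save()) {
        throw new \RuntimeException(
            'Unable to create the anonymous user: ' . json_encode($user->errors())
        );
    }

    return $user->id;
}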
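/**
 * Always call this when defining `__construct()` in sub-classes.
 *
 * Resolves the current project from the 'pslug' route property and the
 * current user from the 'traq' cookie (joined with the user's role in the
 * current project when there is one), publishes both through $GLOBALS,
 * computes the permission set, adds the root breadcrumb and registers the
 * before-hooks for project view permission and forced password upgrade.
 */
public function __construct()
{
    $this->db = ConnectionManager::getConnection();

    // Modal?
    if (Request::$headers->has('X-Modal')) {
        $this->isModal = Request::$headers->get('X-Modal') == true;
    }

    // Get current project.
    if (Request::$properties->has('pslug')) {
        $this->currentProject = Project::find('slug', Request::$properties->get('pslug')) ?: null;
        $GLOBALS['current_project'] = $this->currentProject;

        $this->before('*', function () {
            if (!$this->hasPermission('view', $this->currentProject)) {
                return $this->show404();
            }
        });
    } else {
        $GLOBALS['current_project'] = null;
    }

    // Get current user. The cookie value is client-controlled and is only
    // ever passed to the query as a bound parameter.
    if ($sessionHash = Request::$cookies->get('traq')) {
        if ($this->currentProject) {
            // The role join is restricted to the current project's id.
            $user = User::select('u.*')
                ->addSelect('pur.project_role_id')
                ->leftJoin('u', UserRole::tableName(), 'pur', 'pur.project_id = :project_id AND pur.user_id = u.id');
            $user->where('u.session_hash = :session_hash');
            $user->setParameter('project_id', $this->currentProject['id']);
            $user->setParameter('session_hash', $sessionHash);

            $this->currentUser = $user->fetch() ?: null;
        } else {
            $this->currentUser = User::find('session_hash', $sessionHash) ?: null;
        }

        $GLOBALS['current_user'] = $this->currentUser;
    } else {
        $GLOBALS['current_user'] = null;
    }

    $GLOBALS['permissions'] = Permission::getPermissions($this->currentUser, $this->currentProject);

    // Add Traq as first breadcrumb.
    $this->addCrumb(setting('title'), $this->generateUrl('root'));

    // Check if the user has permission to view the current project
    if (isset($this->currentProject)) {
        $this->before('*', function () {
            if (!$this->hasPermission('view')) {
                return $this->show403();
            }
        });
    }

    // If the user has a `sha1` hashed password, require them to change it because
    // as of Traq 4.1, only mcrypt passwords will work.
    // The currentUser guard is new: guests (null) previously triggered an
    // array-offset read on null here.
    if ($this->currentUser && $this->currentUser['password_ver'] == 'sha1') {
        $this->before('*', function () {
            if (Request::$properties['controller'] != 'Traq\\Controllers\\UserCP' && Request::$properties['controller'] != 'Traq\\Controllers\\Sessions') {
                return $this->redirectTo('usercp_password');
            }
        });
    }
}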
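/**
 * Make the ticket history changes array.
 *
 * Compares each submitted field against the ticket's current value and, for
 * the fields handled below, records the human-readable before/after values.
 * Fields not handled by the switch are still recorded, with null from/to.
 *
 * @param Ticket $ticket Current ticket (array-accessed by field name).
 * @param array  $data   Submitted field => value pairs.
 *
 * @return array List of ['property' => ..., 'from' => ..., 'to' => ...].
 */
protected function makeChanges($ticket, $data)
{
    $changes = [];

    foreach ($data as $field => $value) {
        if ($value == $ticket[$field]) {
            continue;
        }

        $fieldNoId = str_replace('_id', '', $field);

        // Reset per field: previously a field outside the switch below reused
        // the previous iteration's from/to (or read undefined variables).
        $from = null;
        $to = null;

        switch ($field) {
            case 'summary':
                $from = $ticket[$field];
                $to = $data[$field];
                break;

            case 'type_id':
            case 'status_id':
            case 'milestone_id':
            case 'version_id':
            case 'component_id':
            case 'priority_id':
            case 'severity_id':
                // Versions live in the Milestone model.
                $model = '\\Traq\\Models\\' . ucfirst($fieldNoId == 'version' ? 'milestone' : $fieldNoId);
                $from = $ticket[$fieldNoId . '_name'];
                if ($data[$field] != 0) {
                    $related = $model::find($data[$field]);
                    // Unknown id: record no target name instead of a property
                    // read on null.
                    $to = $related ? $related->name : null;
                }
                break;

            case 'assigned_to_id':
                $from = $ticket['assigned_to_name'];
                if ($value != 0) {
                    $assignee = User::find($value);
                    $to = $assignee ? $assignee->name : null;
                }
                break;
        }

        $changes[] = ['property' => $fieldNoId, 'from' => $from, 'to' => $to];
    }

    return $changes;
}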
/**
 * Get the anonymous user.
 *
 * The row (together with its group's is_admin flag) is looked up by the
 * 'anonymous_user_id' setting and cached in a static local, so the query runs
 * at most once per request as long as a row was found.
 *
 * @return User
 */
function anonymous_user()
{
    static $cached;

    if ($cached) {
        return $cached;
    }

    $query = User::select('u.*', 'g.is_admin')
        ->leftJoin('u', PREFIX . 'usergroups', 'g', 'g.id = u.group_id')
        ->where('u.id = :id')
        ->setParameter('id', setting('anonymous_user_id'));

    $cached = $query->fetch();

    return $cached;
}
/**
 * Revisions listing.
 *
 * Fetches the page's revisions joined with the author's name and email,
 * newest revision first, and renders them as HTML or JSON depending on the
 * requested format. Takes no route parameters.
 *
 * NOTE(review): user_email is selected here and returned verbatim by the JSON
 * branch as well as the HTML view; confirm that exposing author email
 * addresses through the JSON response is intended.
 */
public function revisionsAction()
{
    $revisions = $this->page->revisions()
        ->addSelect('u.name AS user_name')
        ->addSelect('u.email AS user_email')
        ->leftJoin('wiki_revision', User::tableName(), 'u', 'wiki_revision.user_id = u.id')
        ->orderBy('revision', 'DESC')
        ->fetchAll();

    $this->addCrumb($this->translate('revisions'), routeUrl('wiki_revisions'));

    return $this->respondTo(function ($format) use ($revisions) {
        switch ($format) {
            case 'html':
                return $this->render('wiki/revisions.phtml', [
                    'page'      => $this->page,
                    'revisions' => $revisions,
                ]);
            case 'json':
                return $this->jsonResponse($revisions);
        }
    });
}