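/**
 * update_access_collection() must replace the membership list wholesale:
 * after every update the membership table holds exactly the requested GUIDs,
 * and no rows at all once an empty list has been applied.
 */
public function testUpdateACL() {
	// another fake user to test with
	$user = new ElggUser();
	$user->username = '******' . rand();
	$user->email = '*****@*****.**' . rand();
	$user->name = 'fake user';
	$user->access_id = ACCESS_PUBLIC;
	$user->salt = _elgg_generate_password_salt();
	$user->password = generate_user_password($user, rand());
	$user->owner_guid = 0;
	$user->container_guid = 0;
	$user->save();

	$acl_id = create_access_collection('test acl');

	// each list replaces the previous one; the final empty list must clear the table
	$member_lists = array(
		array($this->user->guid, $user->guid),
		array($user->guid),
		array($this->user->guid),
		array(),
	);

	foreach ($member_lists as $members) {
		$result = update_access_collection($acl_id, $members);
		$this->assertTrue($result);

		if ($result) {
			$q = "SELECT * FROM {$this->dbPrefix}access_collection_membership\n\t\t\t\t\tWHERE access_collection_id = {$acl_id}";
			$data = get_data($q);

			if (count($members) == 0) {
				// an empty result set is expected to come back as false, not as an empty array
				$this->assertFalse($data);
			} else {
				$this->assertEqual(count($members), count($data));
			}

			// when $data is false (empty collection) there is nothing to iterate;
			// iterating over false only raised a warning without checking anything
			if (is_array($data)) {
				foreach ($data as $row) {
					// non-strict on purpose: user_guid comes back from the DB as a string
					$this->assertTrue(in_array($row->user_guid, $members));
				}
			}
		}
	}

	delete_access_collection($acl_id);
	$user->delete();
}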
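/**
 * Set a user's password
 *
 * Reads current_password, password, password2 and guid from the request.
 * A non-admin, or an admin changing their own password, must supply the
 * current password, which is checked through pam_auth_userpass(). When the
 * logged-in user changes their own password the remember-me token is
 * regenerated so a previously issued one stops working.
 *
 * @return bool|null true on success, false on failure, null when no
 *                   password was submitted (nothing to change)
 * @since 1.8.0
 * @access private
 */
function elgg_set_user_password() {
	$current_password = get_input('current_password', null, false);
	$password = get_input('password', null, false);
	$password2 = get_input('password2', null, false);
	$user_guid = get_input('guid');

	if (!$user_guid) {
		$user = elgg_get_logged_in_user_entity();
	} else {
		$user = get_entity($user_guid);
	}

	// the submitted guid may point at any entity; only a user carries a password,
	// so anything else is treated like "no user" instead of getting salt/password metadata
	if (!($user instanceof ElggUser) || !$password) {
		// no change
		return null;
	}

	$is_own_account = ($user->guid == elgg_get_logged_in_user_guid());

	// let admin user change anyone's password without knowing it except his own.
	if (!elgg_is_admin_logged_in() || $is_own_account) {
		$credentials = array('username' => $user->username, 'password' => $current_password);
		try {
			pam_auth_userpass($credentials);
		} catch (LoginException $e) {
			register_error(elgg_echo('LoginException:ChangePasswordFailure'));
			return false;
		}
	}

	try {
		$result = validate_password($password);
	} catch (RegistrationException $e) {
		register_error($e->getMessage());
		return false;
	}

	if (!$result) {
		register_error(elgg_echo('user:password:fail:tooshort'));
		return false;
	}

	// strict comparison: == treats numeric strings such as "1e1" and "10" as equal,
	// which would accept a mismatching confirmation
	if ($password !== $password2) {
		register_error(elgg_echo('user:password:fail:notsame'));
		return false;
	}

	$user->salt = _elgg_generate_password_salt();
	$user->password = generate_user_password($user, $password);
	$user->code = '';

	if ($is_own_account && !empty($_COOKIE['elggperm'])) {
		// regenerate remember me code so no other user could
		// use it to authenticate later
		$code = _elgg_generate_remember_me_token();
		$_SESSION['code'] = $code;
		$user->code = md5($code);
		// NOTE(review): the cookie is issued without the secure/httponly flags;
		// confirm this matches how the login action sets it
		setcookie("elggperm", $code, time() + 86400 * 30, "/");
	}

	if ($user->save()) {
		system_message(elgg_echo('user:password:success'));
		return true;
	}

	register_error(elgg_echo('user:password:fail'));
	return false;
}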
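/**
 * Set a user's password
 *
 * Reads current_password, password, password2 and guid from the request.
 * A non-admin, or an admin changing their own password, must supply the
 * current password, which is checked through pam_auth_userpass(). After the
 * new hash is set the change is handed to the persistent-login service before
 * the user is saved.
 *
 * @return bool|null true on success, false on failure, null when no
 *                   password was submitted (nothing to change)
 * @since 1.8.0
 * @access private
 */
function _elgg_set_user_password() {
	$current_password = get_input('current_password', null, false);
	$password = get_input('password', null, false);
	$password2 = get_input('password2', null, false);
	$user_guid = get_input('guid');

	if ($user_guid) {
		$user = get_user($user_guid);
	} else {
		$user = elgg_get_logged_in_user_entity();
	}

	if (!$user || !$password) {
		// no change
		return null;
	}

	// let admin user change anyone's password without knowing it except his own.
	if (!elgg_is_admin_logged_in() || $user->guid == elgg_get_logged_in_user_guid()) {
		$credentials = array('username' => $user->username, 'password' => $current_password);
		try {
			pam_auth_userpass($credentials);
		} catch (LoginException $e) {
			register_error(elgg_echo('LoginException:ChangePasswordFailure'));
			return false;
		}
	}

	try {
		$result = validate_password($password);
	} catch (RegistrationException $e) {
		register_error($e->getMessage());
		return false;
	}

	if (!$result) {
		register_error(elgg_echo('user:password:fail:tooshort'));
		return false;
	}

	// strict comparison: == treats numeric strings such as "1e1" and "10" as equal,
	// which would accept a mismatching confirmation
	if ($password !== $password2) {
		register_error(elgg_echo('user:password:fail:notsame'));
		return false;
	}

	$user->salt = _elgg_generate_password_salt();
	$user->password = generate_user_password($user, $password);

	// remember-me handling for the changed account is delegated to the persistent-login service
	_elgg_services()->persistentLogin->handlePasswordChange($user, elgg_get_logged_in_user_entity());

	if ($user->save()) {
		system_message(elgg_echo('user:password:success'));
		return true;
	}

	register_error(elgg_echo('user:password:fail'));
	return false;
}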
/**
 * Called before each test object.
 *
 * Builds and saves a throwaway ElggUser (random username, e-mail, display
 * name and password; public access; no owner or container) into $this->user.
 */
public function __construct() {
	parent::__construct();

	$fake = new ElggUser();
	$fake->username = '******' . rand();
	$fake->email = '*****@*****.**' . rand();
	$fake->name = 'fake user ' . rand();
	$fake->access_id = ACCESS_PUBLIC;
	$fake->salt = _elgg_generate_password_salt();
	$fake->password = generate_user_password($fake, rand());
	$fake->owner_guid = 0;
	$fake->container_guid = 0;
	$fake->save();

	$this->user = $fake;
}
/**
 * Create a new user from Twitter information
 *
 * The Twitter screen name becomes the username; while it is already taken a
 * random four-digit suffix is appended. The account receives a random
 * cleartext password. When new registrations are disabled, or the save
 * fails, an error is registered and the request is forwarded.
 *
 * @param object $twitter Twitter OAuth response
 * @return ElggUser
 */
function twitter_api_create_user($twitter) {
	// check new registration allowed
	if (!twitter_api_allow_new_users_with_twitter()) {
		register_error(elgg_echo('registerdisabled'));
		forward();
	}

	// Elgg-ify Twitter credentials
	$screen_name = $twitter->screen_name;
	$username = $screen_name;
	for (;;) {
		if (!get_user_by_username($username)) {
			break;
		}
		// @todo I guess we just hope this is good enough
		$username = $screen_name . '_' . rand(1000, 9999);
	}

	$password = generate_random_cleartext_password();

	$user = new ElggUser();
	$user->username = $username;
	$user->name = $twitter->name;
	$user->access_id = ACCESS_PUBLIC;
	$user->salt = _elgg_generate_password_salt();
	$user->password = generate_user_password($user, $password);
	$user->owner_guid = 0;
	$user->container_guid = 0;

	if (!$user->save()) {
		register_error(elgg_echo('registerbad'));
		forward();
	}

	return $user;
}
* for a user, then emails the password to the user's registered * email address. * * NOTE: This is different to the "reset password" link users * can use in that it does not first email the user asking if * they want to have their password reset. * * @package Elgg.Core * @subpackage Administration.User */ $guid = get_input('guid'); $user = get_entity($guid); if ($user instanceof ElggUser && $user->canEdit()) { $password = generate_random_cleartext_password(); // Always reset the salt before generating the user password. $user->salt = _elgg_generate_password_salt(); $user->password = generate_user_password($user, $password); if ($user->save()) { system_message(elgg_echo('admin:user:resetpassword:yes')); /*notify_user($user->guid, elgg_get_site_entity()->guid, elgg_echo('email:resetpassword:subject'), elgg_echo('email:resetpassword:body', array($user->username, $password)), NULL, 'email');*/ $site_name = elgg_get_site_entity()->name; zhgroups_send_email($site_name, $user->email, elgg_echo('email:resetpassword:subject', array($site_name)), '<div style="color:#333;font-size:16px;">' . elgg_echo('email:resetpassword:body', array($user->username, $password)) . '</div>'); } else { register_error(elgg_echo('admin:user:resetpassword:no')); } } else {
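/**
 * Migrate every local user that is not yet linked to Stormpath.
 *
 * Users without the __stormpath_user metadata are looked up in Stormpath by
 * e-mail. A matching Stormpath account is simply linked; otherwise the local
 * password is replaced with a random one, the user is created in Stormpath
 * with that password, and the configured import message (tokens replaced) is
 * e-mailed to them.
 *
 * @return bool|null true when no subject/message is configured (nothing done),
 *                   null after a completed run
 */
function import_to_stormpath() {
	$dbprefix = elgg_get_config('dbprefix');
	$subject = elgg_get_plugin_setting('import_subject', PLUGIN_ID);
	$message = elgg_get_plugin_setting('import_message', PLUGIN_ID);
	$site = elgg_get_site_entity();
	$site_url = elgg_get_site_url();

	if (!$subject || !$message) {
		error_log('no subject/message');
		return true;
	}

	// only the name id is used (in the join below); the value id was looked up but never read
	if (is_elgg18()) {
		$name_id = add_metastring('__stormpath_user');
	} else {
		$name_id = elgg_get_metastring_id('__stormpath_user');
	}

	$options = array(
		'type' => 'user',
		'joins' => array("LEFT JOIN {$dbprefix}metadata md ON md.entity_guid = e.guid AND md.name_id = {$name_id}"),
		'wheres' => array('md.name_id IS NULL'),
		'limit' => false,
	);

	// the offset is not advanced: every processed user gains the metadata and
	// drops out of the "md.name_id IS NULL" result set
	$batch = new \ElggBatch('elgg_get_entities', $options);
	$batch->setIncrementOffset(false);

	// loop-invariant; was re-fetched for every user
	$application = get_application();

	// tokens replaced in the message, in this order (left to right, as with chained str_replace calls)
	$tokens = array(
		'{{password}}',
		'{{name}}',
		'{{username}}',
		'{{email}}',
		'{{forgot_password}}',
		'{{site_email}}',
		'{{site_url}}',
	);

	foreach ($batch as $user) {
		// search stormpath for a matching account
		$accts = $application->getAccounts(array('email' => $user->email));

		$already_exists = false;
		foreach ($accts as $a) {
			$user->__stormpath_user = $a->href;
			error_log('set user ' . $user->username . ': ' . $a->href);
			$already_exists = true;
			break;
		}

		if ($already_exists) {
			continue;
		}

		// change it locally
		$password = generate_random_cleartext_password();
		$user->salt = _elgg_generate_password_salt();
		$user->password = generate_user_password($user, $password);
		$user->save();

		error_log('adding to stormpath ' . $user->email);
		$result = add_to_stormpath($user, $password);

		if ($result) {
			// notify them of the change
			// replace tokens in the message
			$replacements = array(
				$password,
				$user->name,
				$user->username,
				$user->email,
				$site_url . 'forgotpassword',
				$site->email,
				$site_url,
			);
			$message_m = str_replace($tokens, $replacements, $message);
			notify_user($user->guid, $site->guid, $subject, $message_m, null, 'email');
		}
	}
}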
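/**
 * Registers a user, returning false if the username already exists
 *
 * Hidden entities are made visible while checking for conflicting accounts
 * and the previous visibility is restored afterwards, including when a
 * validation failure throws.
 *
 * @param string $username              The username of the new user
 * @param string $password              The password
 * @param string $name                  The user's display name
 * @param string $email                 Their email address
 * @param bool   $allow_multiple_emails Allow the same email address to be
 *                                      registered multiple times?
 * @param int    $friend_guid           GUID of a user to friend once fully registered
 * @param string $invitecode            An invite code from a friend
 *
 * @return int|false The new user's GUID; false on failure
 * @throws RegistrationException
 */
function register_user($username, $password, $name, $email, $allow_multiple_emails = false,
	$friend_guid = 0, $invitecode = '') {

	// no need to trim password.
	$username = trim($username);
	$name = trim(strip_tags($name));
	$email = trim($email);

	// A little sanity checking
	if (empty($username) || empty($password) || empty($name) || empty($email)) {
		return false;
	}

	// Make sure a user with conflicting details hasn't registered and been disabled
	$access_status = access_get_show_hidden_status();
	access_show_hidden_entities(true);

	// Every failed check below throws. The hidden-entity status has to be
	// restored on that path as well, otherwise a rejected registration left
	// hidden entities visible for the rest of the request.
	try {
		if (strlen($name) > 60) {
			$msg = elgg_echo('registration:nametoolong') . elgg_echo('input:max', array(20, 60));
			throw new RegistrationException($msg);
		}

		if (strlen($email) > 60) {
			$msg = elgg_echo('registration:emailtoolong', array(60));
			throw new RegistrationException($msg);
		}

		if (strlen($password) > 60) {
			$msg = elgg_echo('registration:passwordtoolong', array(60));
			throw new RegistrationException($msg);
		}

		if (!validate_email_address($email)) {
			throw new RegistrationException(elgg_echo('registration:emailnotvalid'));
		}

		if (!validate_password($password)) {
			throw new RegistrationException(elgg_echo('registration:passwordnotvalid'));
		}

		if (!validate_username($username)) {
			throw new RegistrationException(elgg_echo('registration:usernamenotvalid'));
		}

		if (get_user_by_username($username)) {
			throw new RegistrationException(elgg_echo('registration:userexists'));
		}

		if (!$allow_multiple_emails && get_user_by_email($email)) {
			throw new RegistrationException(elgg_echo('registration:dupeemail'));
		}
	} catch (RegistrationException $e) {
		access_show_hidden_entities($access_status);
		throw $e;
	}

	access_show_hidden_entities($access_status);

	// Create user
	$user = new ElggUser();
	$user->username = $username;
	$user->email = $email;
	$user->name = $name;
	$user->access_id = ACCESS_PUBLIC;
	$user->salt = _elgg_generate_password_salt();
	$user->password = generate_user_password($user, $password);
	$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
	$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
	$user->language = get_current_language();
	$user->save();

	// If $friend_guid has been set, make mutual friends
	if ($friend_guid) {
		if ($friend_user = get_user($friend_guid)) {
			// the invite code must match the one generated for the inviting user
			if ($invitecode == generate_invite_code($friend_user->username)) {
				$user->addFriend($friend_guid);
				$friend_user->addFriend($user->guid);

				// @todo Should this be in addFriend?
				add_to_river('river/relationship/friend/create', 'friend', $user->getGUID(), $friend_guid);
				add_to_river('river/relationship/friend/create', 'friend', $friend_guid, $user->getGUID());
			}
		}
	}

	// Turn on email notifications by default
	set_user_notification_setting($user->getGUID(), 'email', true);
	set_user_notification_setting($user->getGUID(), 'site', true);

	return $user->getGUID();
}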
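/**
 * Registers a user, returning false if the username already exists
 *
 * Hidden entities are made visible while checking for conflicting accounts
 * and the previous visibility is restored afterwards, including when a
 * validation failure throws.
 *
 * @param string $username              The username of the new user
 * @param string $password              The password
 * @param string $name                  The user's display name
 * @param string $email                 The user's email address
 * @param bool   $allow_multiple_emails Allow the same email address to be
 *                                      registered multiple times?
 *
 * @return int|false The new user's GUID; false on failure
 * @throws RegistrationException
 */
function register_user($username, $password, $name, $email, $allow_multiple_emails = false) {

	// no need to trim password.
	$username = trim($username);
	$name = trim(strip_tags($name));
	$email = trim($email);

	// A little sanity checking
	if (empty($username) || empty($password) || empty($name) || empty($email)) {
		return false;
	}

	// Make sure a user with conflicting details hasn't registered and been disabled
	$access_status = access_get_show_hidden_status();
	access_show_hidden_entities(true);

	// Every failed check below throws. The hidden-entity status has to be
	// restored on that path as well, otherwise a rejected registration left
	// hidden entities visible for the rest of the request.
	try {
		if (!validate_email_address($email)) {
			throw new RegistrationException(elgg_echo('registration:emailnotvalid'));
		}

		if (!validate_password($password)) {
			throw new RegistrationException(elgg_echo('registration:passwordnotvalid'));
		}

		if (!validate_username($username)) {
			throw new RegistrationException(elgg_echo('registration:usernamenotvalid'));
		}

		if (get_user_by_username($username)) {
			throw new RegistrationException(elgg_echo('registration:userexists'));
		}

		if (!$allow_multiple_emails && get_user_by_email($email)) {
			throw new RegistrationException(elgg_echo('registration:dupeemail'));
		}
	} catch (RegistrationException $e) {
		access_show_hidden_entities($access_status);
		throw $e;
	}

	access_show_hidden_entities($access_status);

	// Create user
	$user = new ElggUser();
	$user->username = $username;
	$user->email = $email;
	$user->name = $name;
	$user->access_id = ACCESS_PUBLIC;
	$user->salt = _elgg_generate_password_salt();
	$user->password = generate_user_password($user, $password);
	$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
	$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
	$user->language = get_current_language();

	if ($user->save() === false) {
		return false;
	}

	// Turn on email notifications by default
	set_user_notification_setting($user->getGUID(), 'email', true);

	return $user->getGUID();
}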
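/**
 * Can we allow the user with the credentials to log in?
 * Check stormpath, create the user if they can log in and don't exist
 * Enable the user if they can log in but were waiting for email verification
 *
 * @param array $credentials 'username' (a username or an e-mail address) and 'password'
 * @return boolean true when Stormpath accepted the credentials and the local user is enabled
 */
function pam_handler($credentials) {
	// try to authenticate first
	$application = get_application();
	$authResult = $application->authenticate($credentials['username'], $credentials['password']);
	$account = $authResult->account;

	if (!$account || strtolower($account->status) !== 'enabled') {
		return false;
	}

	// we need to search hidden users too
	// in case of email confirmation disabling
	$show_hidden = access_get_show_hidden_status();
	access_show_hidden_entities(true);

	// we have an account and it's enabled
	// see if we have a matching account here
	// check if logging in with email address
	if (strpos($credentials['username'], '@') !== false) {
		// the lookup returns a list that is empty (or false) when nothing matches;
		// indexing it blindly raised an undefined-offset notice
		$users = get_user_by_email($credentials['username']);
		$user = (is_array($users) && isset($users[0])) ? $users[0] : false;
		// NOTE(review): if several local users share the e-mail the first one wins —
		// confirm duplicate e-mails are prevented at registration
	} else {
		$user = get_user_by_username($credentials['username']);
	}

	// custom context gives us permission to do this
	elgg_push_context('stormpath_validate_user');

	// if we don't have a user we need to create one
	if (!$user) {
		$user = new \ElggUser();
		// NOTE(review): a Stormpath username made only of non-alphanumerics becomes an empty local username — confirm save() rejects that
		$user->username = preg_replace("/[^a-zA-Z0-9]/", "", $account->username);
		$user->email = $account->email;
		$user->name = $account->fullName;
		$user->access_id = ACCESS_PUBLIC;
		$user->salt = _elgg_generate_password_salt();
		$user->password = generate_user_password($user, $credentials['password']);
		$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
		$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
		$user->language = get_current_language();
		$user->save();

		$user->__stormpath_user = $account->href;
		elgg_set_user_validation_status($user->guid, TRUE, 'stormpath');

		// Turn on email notifications by default
		set_user_notification_setting($user->getGUID(), 'email', true);
	}

	// see if we need to enable/verify the user
	$pending_reasons = array('stormpath_new_user', 'uservalidationbyemail_new_user');
	if (!$user->isEnabled() && in_array($user->disable_reason, $pending_reasons, true)) {
		$user->enable();
		$user->__stormpath_user = $account->href;
		elgg_set_user_validation_status($user->guid, TRUE, 'stormpath');
	}

	elgg_pop_context();
	access_show_hidden_entities($show_hidden);

	return $user && $user->isEnabled();
}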
$name = get_input('name'); if ($container_guid == '' || $username == '' || $password == '' || $password2 == '' || $email == '' || $name == '') { register_error("Todos os campos são obrigatórios."); forward(REFERER); } if (strcmp($password, $password2) != 0) { register_error(elgg_echo('RegistrationException:PasswordMismatch')); forward(REFERER); } try { $aluno = new Aluno(); $aluno->username = $username; $aluno->email = $email; $aluno->name = $name; $aluno->access_id = ACCESS_PUBLIC; $aluno->salt = _elgg_generate_password_salt(); $aluno->password = generate_user_password($aluno, $password); $aluno->owner_guid = 0; $aluno->container_guid = $container_guid; $aluno->language = get_current_language(); $guid = $aluno->save(); if ($guid) { $new_user = get_entity($guid); elgg_clear_sticky_form('useradd'); $new_user->created_by_guid = elgg_get_logged_in_user_guid(); $subject = elgg_echo('useradd:subject'); $body = elgg_echo('useradd:body', array($name, elgg_get_site_entity()->name, elgg_get_site_entity()->url, $username, $password)); notify_user($new_user->guid, elgg_get_site_entity()->guid, $subject, $body); system_message(elgg_echo("adduser:ok", array(elgg_get_site_entity()->name))); } else { register_error(elgg_echo("adduser:bad"));
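/**
 * Called on usersettings save action - changes the users password
 * locally and on stormpath
 *
 * A non-admin, or an admin changing their own password, must supply the
 * current password; it is verified through pam_handler() with the user's
 * e-mail as the login name.
 *
 * @param string $hook
 * @param string $type
 * @param bool   $return
 * @param array  $params
 * @return boolean|null true on success, false on failure, null when no
 *                      password was submitted (nothing to change)
 */
function set_user_password($hook = 'usersettings:save', $type = 'user', $return = true, $params = array()) {
	$current_password = get_input('current_password', null, false);
	$password = get_input('password', null, false);
	$password2 = get_input('password2', null, false);
	$user_guid = get_input('guid');

	if ($user_guid) {
		$user = get_user($user_guid);
	} else {
		$user = elgg_get_logged_in_user_entity();
	}

	if (!$user || !$password) {
		// no change
		return null;
	}

	// let admin user change anyone's password without knowing it except his own.
	if (!elgg_is_admin_logged_in() || $user->guid == elgg_get_logged_in_user_guid()) {
		$credentials = array('username' => $user->email, 'password' => $current_password);
		try {
			// pam_handler() reports a rejected password by returning false (it may
			// also throw), so the return value has to be checked: relying on the
			// catch alone let a wrong current password through
			$authenticated = pam_handler($credentials);
		} catch (\LoginException $e) {
			$authenticated = false;
		}
		if (!$authenticated) {
			register_error(elgg_echo('LoginException:ChangePasswordFailure'));
			return false;
		}
	}

	try {
		$result = validate_password($password);
	} catch (\RegistrationException $e) {
		register_error($e->getMessage());
		return false;
	}

	if (!$result) {
		register_error(elgg_echo('user:password:fail:tooshort'));
		return false;
	}

	// strict comparison: == treats numeric strings such as "1e1" and "10" as equal,
	// which would accept a mismatching confirmation
	if ($password !== $password2) {
		register_error(elgg_echo('user:password:fail:notsame'));
		return false;
	}

	// change it on stormpath
	// NOTE(review): the remote password is changed before the local save; if save()
	// fails below the two stores disagree — confirm that is acceptable
	if ($user->__stormpath_user) {
		try {
			$client = get_client();
			$account = $client->dataStore->getResource($user->__stormpath_user, \Stormpath\Stormpath::ACCOUNT);
			$account->password = $password;
			$account->save();
		} catch (\Exception $exc) {
			register_error($exc->getMessage());
			return false;
		}
	} else {
		// $password is known to be non-empty here
		add_to_stormpath($user, $password);
	}

	// change it locally
	$user->salt = _elgg_generate_password_salt();
	$user->password = generate_user_password($user, $password);

	if (is_elgg18()) {
		$user->code = '';
		if ($user->guid == elgg_get_logged_in_user_guid() && !empty($_COOKIE['elggperm'])) {
			// regenerate remember me code so no other user could
			// use it to authenticate later
			$code = _elgg_generate_remember_me_token();
			$_SESSION['code'] = $code;
			$user->code = md5($code);
			setcookie("elggperm", $code, time() + 86400 * 30, "/");
		}
	} else {
		_elgg_services()->persistentLogin->handlePasswordChange($user, elgg_get_logged_in_user_entity());
	}

	if ($user->save()) {
		system_message(elgg_echo('user:password:success'));
		return true;
	}

	register_error(elgg_echo('user:password:fail'));
	return false;
}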