public function testUpdateACL()
 {
     // a second throwaway user so the collection can hold more than one member
     $other = new ElggUser();
     $other->username = '******' . rand();
     $other->email = '*****@*****.**' . rand();
     $other->name = 'fake user';
     $other->access_id = ACCESS_PUBLIC;
     $other->salt = _elgg_generate_password_salt();
     $other->password = generate_user_password($other, rand());
     $other->owner_guid = 0;
     $other->container_guid = 0;
     $other->save();

     $acl_id = create_access_collection('test acl');

     // each list replaces the previous membership; the empty list must empty the collection
     $cases = array(
         array($this->user->guid, $other->guid),
         array($other->guid),
         array($this->user->guid),
         array(),
     );

     foreach ($cases as $expected_members) {
         $updated = update_access_collection($acl_id, $expected_members);
         $this->assertTrue($updated);
         if (!$updated) {
             continue;
         }

         // read the membership rows straight from the table; $acl_id is the id
         // returned by create_access_collection() above, not request input
         $q = "SELECT * FROM {$this->dbPrefix}access_collection_membership\n\t\t\t\t\tWHERE access_collection_id = {$acl_id}";
         $rows = get_data($q);

         if (count($expected_members) == 0) {
             // the test expects get_data() to yield false for an empty result set
             $this->assertFalse($rows);
         } else {
             $this->assertEqual(count($expected_members), count($rows));
         }

         // every stored row must belong to the list that was just written
         foreach ($rows as $row) {
             $this->assertTrue(in_array($row->user_guid, $expected_members));
         }
     }

     delete_access_collection($acl_id);
     $other->delete();
 }
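/**
 * Set a user's password
 *
 * Reads current_password, password, password2 and guid from the request.
 * Without a guid the target is the logged-in user. Anyone who is not an
 * admin, and an admin changing their own password, must supply the correct
 * current password first.
 *
 * @return bool|null true on success, false on failure, null when no password was submitted
 * @since 1.8.0
 * @access private
 */
function elgg_set_user_password()
{
    $current_password = get_input('current_password', null, false);
    $password = get_input('password', null, false);
    $password2 = get_input('password2', null, false);
    $user_guid = get_input('guid');

    // get_user() hands back only ElggUser instances, so a guid naming some
    // other entity type cannot have salt/password written onto it
    if ($user_guid) {
        $user = get_user($user_guid);
    } else {
        $user = elgg_get_logged_in_user_entity();
    }

    if (!$user || !$password) {
        // no change
        return null;
    }

    // let admin user change anyone's password without knowing it except his own.
    $is_self = $user->guid == elgg_get_logged_in_user_guid();
    if (!elgg_is_admin_logged_in() || $is_self) {
        $credentials = array('username' => $user->username, 'password' => $current_password);
        try {
            pam_auth_userpass($credentials);
        } catch (LoginException $e) {
            register_error(elgg_echo('LoginException:ChangePasswordFailure'));
            return false;
        }
    }

    try {
        $result = validate_password($password);
    } catch (RegistrationException $e) {
        register_error($e->getMessage());
        return false;
    }

    if (!$result) {
        register_error(elgg_echo('user:password:fail:tooshort'));
        return false;
    }

    // strict comparison: with == two numeric-looking strings ("1e3" and "1000") compare equal
    if ($password !== $password2) {
        register_error(elgg_echo('user:password:fail:notsame'));
        return false;
    }

    $user->salt = _elgg_generate_password_salt();
    $user->password = generate_user_password($user, $password);
    $user->code = '';

    if ($is_self && !empty($_COOKIE['elggperm'])) {
        // regenerate remember me code so no other user could
        // use it to authenticate later
        $code = _elgg_generate_remember_me_token();
        $_SESSION['code'] = $code;
        $user->code = md5($code);
        // NOTE(review): no httponly/secure flags are passed here; presumably
        // left to Elgg's session/cookie configuration — confirm
        setcookie("elggperm", $code, time() + 86400 * 30, "/");
    }

    if ($user->save()) {
        system_message(elgg_echo('user:password:success'));
        return true;
    }

    register_error(elgg_echo('user:password:fail'));
    return false;
}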
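/**
 * Set a user's password
 *
 * Request inputs: current_password, password, password2, guid. With no guid
 * the logged-in user is the target. The current password is verified through
 * pam_auth_userpass() unless an admin is changing somebody else's password.
 * Persistent-login state is handed to the persistentLogin service after the
 * hash has been replaced.
 *
 * @return bool|null true on success, false on failure, null when no password was submitted
 * @since 1.8.0
 * @access private
 */
function _elgg_set_user_password()
{
    $current_password = get_input('current_password', null, false);
    $password = get_input('password', null, false);
    $password2 = get_input('password2', null, false);
    $user_guid = get_input('guid');

    $user = $user_guid ? get_user($user_guid) : elgg_get_logged_in_user_entity();

    if (!$user || !$password) {
        // no change
        return null;
    }

    // let admin user change anyone's password without knowing it except his own.
    $needs_current_password = !elgg_is_admin_logged_in()
        || $user->guid == elgg_get_logged_in_user_guid();
    if ($needs_current_password) {
        $credentials = array('username' => $user->username, 'password' => $current_password);
        try {
            pam_auth_userpass($credentials);
        } catch (LoginException $e) {
            register_error(elgg_echo('LoginException:ChangePasswordFailure'));
            return false;
        }
    }

    try {
        $result = validate_password($password);
    } catch (RegistrationException $e) {
        register_error($e->getMessage());
        return false;
    }

    if (!$result) {
        register_error(elgg_echo('user:password:fail:tooshort'));
        return false;
    }

    // strict comparison: loose == treats numeric-looking strings as numbers,
    // so "0e1" and "0e2" would be accepted as the same confirmation
    if ($password !== $password2) {
        register_error(elgg_echo('user:password:fail:notsame'));
        return false;
    }

    $user->salt = _elgg_generate_password_salt();
    $user->password = generate_user_password($user, $password);
    // invalidate/rotate remember-me state for the changed account
    _elgg_services()->persistentLogin->handlePasswordChange($user, elgg_get_logged_in_user_entity());

    if ($user->save()) {
        system_message(elgg_echo('user:password:success'));
        return true;
    }

    register_error(elgg_echo('user:password:fail'));
    return false;
}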
 /**
  * Called before each test object.
  *
  * Builds and saves a throwaway ElggUser with a randomised username, email
  * and password so the tests have a persisted user to work with.
  */
 public function __construct()
 {
     parent::__construct();

     $this->user = new ElggUser();
     $fixture = $this->user;

     $fixture->username = '******' . rand();
     $fixture->email = '*****@*****.**' . rand();
     $fixture->name = 'fake user ' . rand();
     $fixture->access_id = ACCESS_PUBLIC;
     // salt is assigned before the hash; the entity itself is passed to generate_user_password()
     $fixture->salt = _elgg_generate_password_salt();
     $fixture->password = generate_user_password($fixture, rand());
     // users are not owned or contained by anything
     $fixture->owner_guid = 0;
     $fixture->container_guid = 0;

     $fixture->save();
 }
/**
 * Create a new user from Twitter information
 *
 * Redirects (via forward()) when Twitter registration is disabled or the
 * save fails. The Elgg username is the Twitter screen name, suffixed with a
 * random number while that name is already taken. The account receives a
 * random password; no email address is set here.
 *
 * @param object $twitter Twitter OAuth response (screen_name and name are read)
 * @return ElggUser The saved user
 */
function twitter_api_create_user($twitter)
{
    // check new registration allowed
    if (!twitter_api_allow_new_users_with_twitter()) {
        register_error(elgg_echo('registerdisabled'));
        forward();
    }

    // Elgg-ify Twitter credentials
    $screen_name = $twitter->screen_name;
    $candidate = $screen_name;
    // @todo I guess we just hope this is good enough
    while (get_user_by_username($candidate)) {
        $candidate = $screen_name . '_' . rand(1000, 9999);
    }

    $new_user = new ElggUser();
    $new_user->username = $candidate;
    $new_user->name = $twitter->name;
    $new_user->access_id = ACCESS_PUBLIC;
    $new_user->salt = _elgg_generate_password_salt();
    // the cleartext password is never shown to anyone; the user logs in via Twitter
    $new_user->password = generate_user_password($new_user, generate_random_cleartext_password());
    // users are not owned or contained by anything
    $new_user->owner_guid = 0;
    $new_user->container_guid = 0;

    if (!$new_user->save()) {
        register_error(elgg_echo('registerbad'));
        forward();
    }

    return $new_user;
}
 * for a user, then emails the password to the user's registered
 * email address.
 *
 * NOTE: This differs from the "reset password" link users
 * can use in that it does not first email the user asking whether
 * they want their password reset.
 *
 * @package Elgg.Core
 * @subpackage Administration.User
 */
$guid = get_input('guid');
$user = get_entity($guid);
if ($user instanceof ElggUser && $user->canEdit()) {
    $password = generate_random_cleartext_password();
    // Always reset the salt before generating the user password.
    $user->salt = _elgg_generate_password_salt();
    $user->password = generate_user_password($user, $password);
    if ($user->save()) {
        system_message(elgg_echo('admin:user:resetpassword:yes'));
        /*notify_user($user->guid,
        		elgg_get_site_entity()->guid,
        		elgg_echo('email:resetpassword:subject'),
        		elgg_echo('email:resetpassword:body', array($user->username, $password)),
        		NULL,
        		'email');*/
        $site_name = elgg_get_site_entity()->name;
        zhgroups_send_email($site_name, $user->email, elgg_echo('email:resetpassword:subject', array($site_name)), '<div style="color:#333;font-size:16px;">' . elgg_echo('email:resetpassword:body', array($user->username, $password)) . '</div>');
    } else {
        register_error(elgg_echo('admin:user:resetpassword:no'));
    }
} else {
/**
 * Imports every local user without __stormpath_user metadata into Stormpath.
 *
 * A user whose email already matches a Stormpath account is only linked
 * (the metadata is set to the account href). Everyone else gets a fresh
 * random password, is created in Stormpath with it, and is emailed the
 * plugin's import message with its {{...}} tokens filled in — note that the
 * new password is sent in clear text in that email.
 *
 * Returns true early when the import subject/message settings are missing;
 * otherwise returns nothing.
 */
function import_to_stormpath()
{
    $dbprefix = elgg_get_config('dbprefix');
    $subject = elgg_get_plugin_setting('import_subject', PLUGIN_ID);
    $message = elgg_get_plugin_setting('import_message', PLUGIN_ID);
    $site = elgg_get_site_entity();
    $site_url = elgg_get_site_url();

    if (!$subject || !$message) {
        error_log('no subject/message');
        return true;
    }

    // metastring lookup differs between Elgg 1.8 and later releases;
    // $value_id is not read below but the call is kept for whatever side effect the lookup has
    if (is_elgg18()) {
        $name_id = add_metastring('__stormpath_user');
        $value_id = add_metastring(1);
    } else {
        $name_id = elgg_get_metastring_id('__stormpath_user');
        $value_id = elgg_get_metastring_id(1);
    }

    // $name_id comes from the metastring table, not from request input
    $join = "LEFT JOIN {$dbprefix}metadata md ON md.entity_guid = e.guid AND md.name_id = {$name_id}";
    $options = array(
        'type' => 'user',
        'joins' => array($join),
        'wheres' => array('md.name_id IS NULL'),
        'limit' => false,
    );
    $batch = new \ElggBatch('elgg_get_entities', $options);
    // processed users gain the metadata and drop out of the result set, so the offset must stay put
    $batch->setIncrementOffset(false);

    foreach ($batch as $user) {
        // search stormpath for a matching account
        $application = get_application();
        $accts = $application->getAccounts(array('email' => $user->email));

        $linked = false;
        foreach ($accts as $acct) {
            // first match wins: link it and skip the import for this user
            $user->__stormpath_user = $acct->href;
            error_log('set user ' . $user->username . ': ' . $acct->href);
            $linked = true;
            break;
        }
        if ($linked) {
            continue;
        }

        // change it locally
        $password = generate_random_cleartext_password();
        $user->salt = _elgg_generate_password_salt();
        $user->password = generate_user_password($user, $password);
        $user->save();

        error_log('adding to stormpath ' . $user->email);
        if (!add_to_stormpath($user, $password)) {
            continue;
        }

        // notify them of the change
        // replace tokens in the message (same order as before: password first, site_url last)
        $tokens = array(
            '{{password}}' => $password,
            '{{name}}' => $user->name,
            '{{username}}' => $user->username,
            '{{email}}' => $user->email,
            '{{forgot_password}}' => $site_url . 'forgotpassword',
            '{{site_email}}' => $site->email,
            '{{site_url}}' => $site_url,
        );
        $body = str_replace(array_keys($tokens), array_values($tokens), $message);
        notify_user($user->guid, $site->guid, $subject, $body, null, 'email');
    }
}
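/**
 * Registers a user, returning false if the username already exists
 *
 * Validation runs while hidden (disabled) entities are visible so that a
 * conflicting username/email on a disabled account is still detected. The
 * previous hidden-entity setting is restored on every exit, including the
 * exception paths.
 *
 * @param string $username              The username of the new user
 * @param string $password              The password
 * @param string $name                  The user's display name
 * @param string $email                 Their email address
 * @param bool   $allow_multiple_emails Allow the same email address to be
 *                                      registered multiple times?
 * @param int    $friend_guid           GUID of a user to friend once fully registered
 * @param string $invitecode            An invite code from a friend
 *
 * @return int|false The new user's GUID; false on empty input or when the save fails
 * @throws RegistrationException when a field is too long, invalid, or already taken
 */
function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '')
{
    // no need to trim password.
    $username = trim($username);
    $name = trim(strip_tags($name));
    $email = trim($email);

    // A little sanity checking
    if (empty($username) || empty($password) || empty($name) || empty($email)) {
        return false;
    }

    // Make sure a user with conflicting details hasn't registered and been disabled
    $access_status = access_get_show_hidden_status();
    access_show_hidden_entities(true);

    try {
        if (strlen($name) > 60) {
            $msg = elgg_echo('registration:nametoolong') . elgg_echo('input:max', array(20, 60));
            throw new RegistrationException($msg);
        }
        if (strlen($email) > 60) {
            throw new RegistrationException(elgg_echo('registration:emailtoolong', array(60)));
        }
        if (strlen($password) > 60) {
            throw new RegistrationException(elgg_echo('registration:passwordtoolong', array(60)));
        }
        if (!validate_email_address($email)) {
            throw new RegistrationException(elgg_echo('registration:emailnotvalid'));
        }
        // validate_password() may itself throw RegistrationException
        if (!validate_password($password)) {
            throw new RegistrationException(elgg_echo('registration:passwordnotvalid'));
        }
        if (!validate_username($username)) {
            throw new RegistrationException(elgg_echo('registration:usernamenotvalid'));
        }
        if (get_user_by_username($username)) {
            throw new RegistrationException(elgg_echo('registration:userexists'));
        }
        if (!$allow_multiple_emails && get_user_by_email($email)) {
            throw new RegistrationException(elgg_echo('registration:dupeemail'));
        }
    } catch (RegistrationException $e) {
        // restore before propagating; otherwise the rest of the request keeps seeing hidden entities
        access_show_hidden_entities($access_status);
        throw $e;
    }
    access_show_hidden_entities($access_status);

    // Create user
    $user = new ElggUser();
    $user->username = $username;
    $user->email = $email;
    $user->name = $name;
    $user->access_id = ACCESS_PUBLIC;
    $user->salt = _elgg_generate_password_salt();
    $user->password = generate_user_password($user, $password);
    $user->owner_guid = 0;
    // Users aren't owned by anyone, even if they are admin created.
    $user->container_guid = 0;
    // Users aren't contained by anyone, even if they are admin created.
    $user->language = get_current_language();

    if ($user->save() === false) {
        // nothing was persisted: do not hand back a guid or write settings against it
        return false;
    }

    // If $friend_guid has been set, make mutual friends
    if ($friend_guid) {
        $friend_user = get_user($friend_guid);
        // strict comparison: loose == lets a numeric-looking or empty code match a code it is not
        if ($friend_user && $invitecode === generate_invite_code($friend_user->username)) {
            $user->addFriend($friend_guid);
            $friend_user->addFriend($user->guid);

            // @todo Should this be in addFriend?
            add_to_river('river/relationship/friend/create', 'friend', $user->getGUID(), $friend_guid);
            add_to_river('river/relationship/friend/create', 'friend', $friend_guid, $user->getGUID());
        }
    }

    // Turn on email notifications by default
    set_user_notification_setting($user->getGUID(), 'email', true);
    set_user_notification_setting($user->getGUID(), 'site', true);

    return $user->getGUID();
}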
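/**
 * Registers a user, returning false if the username already exists
 *
 * The uniqueness checks run while hidden (disabled) entities are visible so
 * that a conflicting username/email on a disabled account is still caught.
 * The previous hidden-entity setting is restored on every exit, including
 * when a RegistrationException is thrown.
 *
 * @param string $username              The username of the new user
 * @param string $password              The password
 * @param string $name                  The user's display name
 * @param string $email                 The user's email address
 * @param bool   $allow_multiple_emails Allow the same email address to be
 *                                      registered multiple times?
 *
 * @return int|false The new user's GUID; false on empty input or when the save fails
 * @throws RegistrationException when a field is invalid or already taken
 */
function register_user($username, $password, $name, $email, $allow_multiple_emails = false)
{
    // no need to trim password.
    $username = trim($username);
    $name = trim(strip_tags($name));
    $email = trim($email);

    // A little sanity checking
    if (empty($username) || empty($password) || empty($name) || empty($email)) {
        return false;
    }

    // Make sure a user with conflicting details hasn't registered and been disabled
    $access_status = access_get_show_hidden_status();
    access_show_hidden_entities(true);

    try {
        if (!validate_email_address($email)) {
            throw new RegistrationException(elgg_echo('registration:emailnotvalid'));
        }
        // validate_password() may itself throw RegistrationException
        if (!validate_password($password)) {
            throw new RegistrationException(elgg_echo('registration:passwordnotvalid'));
        }
        if (!validate_username($username)) {
            throw new RegistrationException(elgg_echo('registration:usernamenotvalid'));
        }
        if (get_user_by_username($username)) {
            throw new RegistrationException(elgg_echo('registration:userexists'));
        }
        if (!$allow_multiple_emails && get_user_by_email($email)) {
            throw new RegistrationException(elgg_echo('registration:dupeemail'));
        }
    } catch (RegistrationException $e) {
        // restore before propagating; otherwise the rest of the request keeps seeing hidden entities
        access_show_hidden_entities($access_status);
        throw $e;
    }
    access_show_hidden_entities($access_status);

    // Create user
    $user = new ElggUser();
    $user->username = $username;
    $user->email = $email;
    $user->name = $name;
    $user->access_id = ACCESS_PUBLIC;
    $user->salt = _elgg_generate_password_salt();
    $user->password = generate_user_password($user, $password);
    $user->owner_guid = 0;
    // Users aren't owned by anyone, even if they are admin created.
    $user->container_guid = 0;
    // Users aren't contained by anyone, even if they are admin created.
    $user->language = get_current_language();

    if ($user->save() === false) {
        return false;
    }

    // Turn on email notifications by default
    set_user_notification_setting($user->getGUID(), 'email', true);

    return $user->getGUID();
}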
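/**
 * Can we allow the user with the credentials to log in?
 * Check stormpath, create the user if they can log in and don't exist
 * Enable the user if they can log in but were waiting for email verification
 *
 * Stormpath is authoritative: only an account whose status is "enabled"
 * gets past the first check. The local user is looked up by email when the
 * supplied username contains "@", otherwise by username. Hidden entities are
 * made visible for that lookup and the previous setting is restored before
 * every return.
 *
 * @param array $credentials array with 'username' and 'password' keys
 * @return boolean true when an enabled local user exists (or was created) for the authenticated account
 */
function pam_handler($credentials)
{
    // try to authenticate first
    $application = get_application();
    $authResult = $application->authenticate($credentials['username'], $credentials['password']);
    $account = $authResult->account;
    if (!$account || strtolower($account->status) !== 'enabled') {
        return false;
    }

    // we need to search hidden users too
    // in case of email confirmation disabling
    $show_hidden = access_get_show_hidden_status();
    access_show_hidden_entities(true);

    // we have an account and it's enabled
    // see if we have a matching account here
    // check if logging in with email address
    if (strpos($credentials['username'], '@') !== false) {
        $users = get_user_by_email($credentials['username']);
        // the lookup returns a list; guard the empty case instead of indexing into it blindly
        $user = !empty($users[0]) ? $users[0] : null;
    } else {
        $user = get_user_by_username($credentials['username']);
    }

    // custom context gives us permission to do this
    elgg_push_context('stormpath_validate_user');

    // if we don't have a user we need to create one
    if (!$user) {
        $user = new \ElggUser();
        // local usernames are reduced to ASCII alphanumerics, which can collide with an existing name
        $user->username = preg_replace("/[^a-zA-Z0-9]/", "", $account->username);
        $user->email = $account->email;
        $user->name = $account->fullName;
        $user->access_id = ACCESS_PUBLIC;
        $user->salt = _elgg_generate_password_salt();
        $user->password = generate_user_password($user, $credentials['password']);
        $user->owner_guid = 0;
        // Users aren't owned by anyone, even if they are admin created.
        $user->container_guid = 0;
        // Users aren't contained by anyone, even if they are admin created.
        $user->language = get_current_language();

        if (!$user->save()) {
            // nothing was persisted (e.g. username collision): undo the context/visibility
            // changes and do not report a successful login
            elgg_pop_context();
            access_show_hidden_entities($show_hidden);
            return false;
        }

        $user->__stormpath_user = $account->href;
        elgg_set_user_validation_status($user->guid, TRUE, 'stormpath');

        // Turn on email notifications by default
        set_user_notification_setting($user->getGUID(), 'email', true);
    }

    // see if we need to enable/verify the user
    $pending_reasons = array('stormpath_new_user', 'uservalidationbyemail_new_user');
    if (!$user->isEnabled() && in_array($user->disable_reason, $pending_reasons, true)) {
        $user->enable();
        $user->__stormpath_user = $account->href;
        elgg_set_user_validation_status($user->guid, TRUE, 'stormpath');
    }

    elgg_pop_context();
    access_show_hidden_entities($show_hidden);

    // a user that is disabled for any other reason must still not log in
    return (bool) $user->isEnabled();
}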
$name = get_input('name');
if ($container_guid == '' || $username == '' || $password == '' || $password2 == '' || $email == '' || $name == '') {
    register_error("Todos os campos são obrigatórios.");
    forward(REFERER);
}
if (strcmp($password, $password2) != 0) {
    register_error(elgg_echo('RegistrationException:PasswordMismatch'));
    forward(REFERER);
}
try {
    $aluno = new Aluno();
    $aluno->username = $username;
    $aluno->email = $email;
    $aluno->name = $name;
    $aluno->access_id = ACCESS_PUBLIC;
    $aluno->salt = _elgg_generate_password_salt();
    $aluno->password = generate_user_password($aluno, $password);
    $aluno->owner_guid = 0;
    $aluno->container_guid = $container_guid;
    $aluno->language = get_current_language();
    $guid = $aluno->save();
    if ($guid) {
        $new_user = get_entity($guid);
        elgg_clear_sticky_form('useradd');
        $new_user->created_by_guid = elgg_get_logged_in_user_guid();
        $subject = elgg_echo('useradd:subject');
        $body = elgg_echo('useradd:body', array($name, elgg_get_site_entity()->name, elgg_get_site_entity()->url, $username, $password));
        notify_user($new_user->guid, elgg_get_site_entity()->guid, $subject, $body);
        system_message(elgg_echo("adduser:ok", array(elgg_get_site_entity()->name)));
    } else {
        register_error(elgg_echo("adduser:bad"));
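/**
 * Called on usersettings save action - changes the users password
 * locally and on stormpath
 *
 * Reads current_password, password, password2 and guid from the request.
 * A non-admin, or an admin changing their own password, must supply the
 * correct current password; it is checked against Stormpath through
 * pam_handler(). The Stormpath account is updated before the local hash, so
 * a failed local save leaves the two out of sync (an error is reported).
 *
 * @param string $hook
 * @param string $type
 * @param bool   $return
 * @param array  $params
 * @return boolean|null true on success, false on failure, null when no password was submitted
 */
function set_user_password($hook = 'usersettings:save', $type = 'user', $return = true, $params = array())
{
    $current_password = get_input('current_password', null, false);
    $password = get_input('password', null, false);
    $password2 = get_input('password2', null, false);
    $user_guid = get_input('guid');

    if ($user_guid) {
        $user = get_user($user_guid);
    } else {
        $user = elgg_get_logged_in_user_entity();
    }

    if (!$user || !$password) {
        // no change
        return null;
    }

    // let admin user change anyone's password without knowing it except his own.
    $is_self = $user->guid == elgg_get_logged_in_user_guid();
    if (!elgg_is_admin_logged_in() || $is_self) {
        $credentials = array('username' => $user->email, 'password' => $current_password);
        try {
            // pam_handler() (as defined in this plugin) reports a bad password by returning
            // false rather than throwing, so the return value must be checked too
            $authenticated = pam_handler($credentials);
        } catch (\LoginException $e) {
            $authenticated = false;
        }
        if (!$authenticated) {
            register_error(elgg_echo('LoginException:ChangePasswordFailure'));
            return false;
        }
    }

    try {
        $result = validate_password($password);
    } catch (\RegistrationException $e) {
        register_error($e->getMessage());
        return false;
    }

    if (!$result) {
        register_error(elgg_echo('user:password:fail:tooshort'));
        return false;
    }

    // strict comparison: loose == treats numeric-looking strings as numbers
    if ($password !== $password2) {
        register_error(elgg_echo('user:password:fail:notsame'));
        return false;
    }

    // change it on stormpath
    if ($user->__stormpath_user) {
        try {
            $client = get_client();
            $account = $client->dataStore->getResource($user->__stormpath_user, \Stormpath\Stormpath::ACCOUNT);
            $account->password = $password;
            $account->save();
        } catch (\Exception $exc) {
            register_error($exc->getMessage());
            return false;
        }
    } else {
        // $password is known to be non-empty here (checked above); the result is not inspected
        add_to_stormpath($user, $password);
    }

    // change it locally
    $user->salt = _elgg_generate_password_salt();
    $user->password = generate_user_password($user, $password);

    if (is_elgg18()) {
        $user->code = '';
        if ($is_self && !empty($_COOKIE['elggperm'])) {
            // regenerate remember me code so no other user could
            // use it to authenticate later
            $code = _elgg_generate_remember_me_token();
            $_SESSION['code'] = $code;
            $user->code = md5($code);
            setcookie("elggperm", $code, time() + 86400 * 30, "/");
        }
    } else {
        _elgg_services()->persistentLogin->handlePasswordChange($user, elgg_get_logged_in_user_entity());
    }

    if ($user->save()) {
        system_message(elgg_echo('user:password:success'));
        return true;
    }

    register_error(elgg_echo('user:password:fail'));
    return false;
}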