$query = "UPDATE auth_user_md5 SET perms = 'autor' WHERE user_id = ?"; $statement = DBManager::get()->prepare($query); $statement->execute(array($user->id)); if ($statement->rowCount() == 0) { $error = _('Fehler! Bitte wenden Sie sich an den Systemadministrator.'); $details = array($query); $message = MessageBox::error($error, $details); } else { $success = _('Ihr Status wurde erfolgreich auf <em>autor</em> gesetzt.<br> Damit dürfen Sie in den meisten Veranstaltungen schreiben, für die Sie sich anmelden.'); $details = array(); $details[] = _('Einige Veranstaltungen erfordern allerdings bei der Anmeldung die Eingabe eines Passwortes. Dieses Passwort erfahren Sie von den Lehrenden der Veranstaltung.'); $message = MessageBox::success($success, $details); // Auto-Inserts AutoInsert::instance()->saveUser($user->id, "autor"); $auth->logout(); // einen Logout durchführen, um erneuten Login zu erzwingen $info = sprintf(_('Die Statusänderung wird erst nach einem erneuten %sLogin%s wirksam!<br> Deshalb wurden Sie jetzt automatisch ausgeloggt.'), '<a href="index.php?again=yes"><em>', '</em></a>'); $message .= MessageBox::info($info); } } } } } $template = $GLOBALS['template_factory']->open('email-validation'); $template->set_layout($GLOBALS['template_factory']->open('layouts/base_without_infobox')); $template->message = $message; echo $template->render(); page_close();
/**
 * Hook for first-time logins.
 *
 * Invoked once when a new user logs in ($this->is_new_user is true); any
 * special treatment of new users belongs here. At present the only step is
 * the automatic course enrolment handled by AutoInsert.
 *
 * Nothing is returned: the body has no return statement.
 *
 * @access private
 * @param User $user the user object; its id and perms are forwarded to AutoInsert
 */
function doNewUserInit($user)
{
    // Auto insertion of new users according to $AUTO_INSERT_SEM[] (defined in local.inc).
    // The status passed here is the user's own perms value.
    $autoInsert = AutoInsert::instance();
    $userId = $user->id;
    $userPerms = $user->perms;

    $autoInsert->saveUser($userId, $userPerms);
}
/**
 * Imports a line of the table into the Stud.IP database if the check returns no errors.
 *
 * Flow, as visible in this method:
 *  1. map the raw line to target fields and derive the primary key,
 *  2. run checkLine() and instantiate the configured import class with that key,
 *  3. copy the mapped values onto the object (hashing the password for "User"),
 *  4. return early with the check result if it reports errors,
 *  5. store the object, then apply the class-specific extras (course lecturers and
 *     institutes, user institutes / domains / welcome mails, datafields, study
 *     areas, locking, default folder).
 *
 * Everything in $line and the mapped $data is import input: it decides which
 * records are written, which permission level a user gets and what text is
 * mailed out.
 *
 * @param array $line : array of fields
 * @return array : array('found' => true|false, 'errors' => "Error message", 'pk' => "primary key");
 *                 an empty array when no import type is configured, the checkLine()
 *                 result (plus 'name') when it reports errors, otherwise
 *                 'found', 'pk' and, when available, 'name'
 */
public function importLine($line)
{
    $plugin = $this->getPlugin();
    $classname = $this['import_type'];
    if (!$classname) {
        // No import type configured: nothing to import.
        return array();
    }
    $data = $this->getMappedData($line);
    $pk = $this->getPrimaryKey($data);

    // Last chance to quit: the result is only evaluated further down, once the
    // object's display name is known.
    $error = $this->checkLine($line, $data, $pk);

    $output = array();

    // NOTE(review): the class to instantiate is taken verbatim from
    // $this['import_type']. Confirm that this setting can only ever hold one of
    // the intended model class names; nothing in this method restricts it.
    $object = new $classname($pk);
    if (!$object->isNew()) {
        $output['found'] = true;
        $output['pk'] = $pk;
        // Fields listed under 'ignoreonupdate' are never overwritten on existing records.
        foreach ((array) $this['tabledata']['ignoreonupdate'] as $fieldname) {
            unset($data[$fieldname]);
        }
    } else {
        $output['found'] = false;
    }
    foreach ($data as $fieldname => $value) {
        // Only fields reported by getTargetFields() are written; a value of
        // exactly false means "leave this field alone".
        if ($value !== false && in_array($fieldname, $this->getTargetFields())) {
            $object[$fieldname] = $value;
            if ($classname === "User" && $fieldname === "password") {
                // Store the hash only. $data['password'] keeps the cleartext value
                // and is read again further down for the account-creation mail.
                $object[$fieldname] = UserManagement::getPwdHasher()->HashPassword($value);
            }
        }
    }
    // Pick a human-readable name for the result / error entry.
    if (method_exists($object, "getFullName")) {
        $error['name'] = $output['name'] = $object->getFullName();
    } elseif ($object->isField("name")) {
        $error['name'] = $output['name'] = $object['name'];
    } elseif ($object->isField("title")) {
        $error['name'] = $output['name'] = $object['title'];
    }
    if ($error && $error['errors']) {
        // Exit here (before store()) so that the name of the object is in the log.
        return $error;
    }
    if ($plugin) {
        $plugin->beforeUpdate($object, $line, $data);
    }
    $object->store();
    $output['pk'] = (array) $object->getId();

    // Dynamic special fields:
    switch ($classname) {
        case "Course":
            // fleximport_dozenten: every listed user id is added as lecturer ('dozent').
            // NOTE(review): iterated without an is-array/empty guard - confirm the
            // mapping always provides an array here.
            foreach ($data['fleximport_dozenten'] as $dozent_id) {
                $seminar = new Seminar($object->getId());
                $seminar->addMember($dozent_id, 'dozent');
            }
            // fleximport_related_institutes: always contains the course's home institute.
            if (!$data['fleximport_related_institutes']) {
                $data['fleximport_related_institutes'] = array($object['institut_id']);
            } else {
                if (!in_array($object['institut_id'], $data['fleximport_related_institutes'])) {
                    $data['fleximport_related_institutes'][] = $object['institut_id'];
                }
            }
            foreach ($data['fleximport_related_institutes'] as $institut_id) {
                $insert = DBManager::get()->prepare("\n INSERT IGNORE INTO seminar_inst\n SET seminar_id = :seminar_id,\n institut_id = :institut_id\n ");
                $insert->execute(array('seminar_id' => $object->getId(), 'institut_id' => $institut_id));
            }
            if ($this['tabledata']['simplematching']["fleximport_course_userdomains"]['column'] || in_array("fleximport_course_userdomains", $this->fieldsToBeDynamicallyMapped())) {
                $statement = DBManager::get()->prepare("\n SELECT userdomain_id\n FROM seminar_userdomains\n WHERE seminar_id = ?\n ");
                $statement->execute(array($object->getId()));
                $olddomains = $statement->fetchAll(PDO::FETCH_COLUMN, 0);
                // NOTE(review): the guard above tests "fleximport_course_userdomains",
                // but the domains are synchronised from $data['fleximport_user_inst'].
                // This looks like a copy/paste slip; confirm which key is intended,
                // since it decides which user domains may see the course.
                foreach (array_diff($data['fleximport_user_inst'], $olddomains) as $to_add) {
                    $domain = new UserDomain($to_add);
                    $domain->addSeminar($object->getId());
                }
                foreach (array_diff($olddomains, $data['fleximport_user_inst']) as $to_remove) {
                    $domain = new UserDomain($to_remove);
                    $domain->removeSeminar($object->getId());
                }
            }
            break;
        case "User":
            if ($this['tabledata']['simplematching']["fleximport_user_inst"]['column'] || in_array("fleximport_user_inst", $this->fieldsToBeDynamicallyMapped())) {
                // Users with global perms "root" are never entered into institutes.
                if ($object['perms'] !== "root") {
                    foreach ($data['fleximport_user_inst'] as $institut_id) {
                        $member = new InstituteMember(array($object->getId(), $institut_id));
                        // The institute permission is copied from the user's global perms,
                        // i.e. the import data determines the privilege level granted here.
                        $member['inst_perms'] = $object['perms'];
                        $member->store();
                    }
                }
            }
            if ($this['tabledata']['simplematching']["fleximport_userdomains"]['column'] || in_array("fleximport_userdomains", $this->fieldsToBeDynamicallyMapped())) {
                $olddomains = UserDomain::getUserDomainsForUser($object->getId());
                // Remove the user from domains that are no longer listed ...
                foreach ($olddomains as $olddomain) {
                    if (!in_array($olddomain->getID(), (array) $data['fleximport_userdomains'])) {
                        $olddomain->removeUser($object->getId());
                    }
                }
                // ... and add the user to every listed domain.
                foreach ($data['fleximport_userdomains'] as $userdomain) {
                    $domain = new UserDomain($userdomain);
                    $domain->addUser($object->getId());
                }
                // Re-run the automatic course enrolment; only the user id is passed here.
                AutoInsert::instance()->saveUser($object->getId());
                foreach ($data['fleximport_userdomains'] as $domain_id) {
                    // NOTE(review): $olddomains holds the entries returned by
                    // getUserDomainsForUser() (used above via ->getID()), so this
                    // compares a domain id against those entries, not against ids.
                    // Presumably the intent is "domain is new for this user" - verify,
                    // otherwise the welcome message may be sent on every import.
                    if (!in_array($domain_id, $olddomains)) {
                        $welcome = FleximportConfig::get("USERDOMAIN_WELCOME_" . $domain_id);
                        if ($welcome) {
                            // Placeholder substitution: every {{field}} is replaced with
                            // the matching object field, then with the raw line field.
                            // NOTE(review): toArray() is substituted without a field
                            // allow-list; if it includes the stored password hash, a
                            // template containing that placeholder would mail it out.
                            foreach ($object->toArray() as $field => $value) {
                                $welcome = str_replace("{{" . $field . "}}", $value, $welcome);
                            }
                            foreach ($line as $field => $value) {
                                $welcome = str_replace("{{" . $field . "}}", $value, $welcome);
                            }
                            // First line of the template is the subject, the rest the body.
                            if (strpos($welcome, "\n") === false) {
                                $subject = _("Willkommen!");
                            } else {
                                $subject = strstr($welcome, "\n", true);
                                $welcome = substr($welcome, strpos($welcome, "\n") + 1);
                            }
                            $messaging = new messaging();
                            $count = $messaging->insert_message($welcome, $object->username, '____%system%____', null, null, null, null, $subject, true, 'normal');
                        }
                    }
                }
            }
            if ($this['tabledata']['simplematching']["fleximport_expiration_date"]['column'] || in_array("fleximport_expiration_date", $this->fieldsToBeDynamicallyMapped())) {
                // An empty value removes an existing expiration date.
                if ($data['fleximport_expiration_date']) {
                    UserConfig::get($object->getId())->store("EXPIRATION_DATE", $data['fleximport_expiration_date']);
                } else {
                    UserConfig::get($object->getId())->delete("EXPIRATION_DATE");
                }
            }
            // Account-creation mail: only for newly created users and unless the
            // import explicitly sets the welcome message to "none".
            if ($output['found'] === false && $data['fleximport_welcome_message'] !== "none") {
                $user_language = getUserLanguagePath($object->getId());
                setTempLanguage(false, $user_language);
                if ($data['fleximport_welcome_message'] && FleximportConfig::get($data['fleximport_welcome_message'])) {
                    // Custom template, selected by a config key named in the import data.
                    $message = FleximportConfig::get($data['fleximport_welcome_message']);
                    // $data still contains the cleartext password, so a {{password}}
                    // placeholder in the template puts it into the mail body.
                    foreach ($data as $field => $value) {
                        $message = str_replace("{{" . $field . "}}", $value, $message);
                    }
                    foreach ($line as $field => $value) {
                        // NOTE(review): in_array() searches the *values* of $data, not
                        // its keys; presumably a key check (array_key_exists) was meant
                        // so that mapped fields take precedence over raw line fields.
                        if (!in_array($field, $data)) {
                            $message = str_replace("{{" . $field . "}}", $value, $message);
                        }
                    }
                    // First line of the template is the subject, the rest the body.
                    if (strpos($message, "\n") === false) {
                        $subject = dgettext($user_language, "Anmeldung Stud.IP-System");
                    } else {
                        $subject = strstr($message, "\n", true);
                        $message = substr($message, strpos($message, "\n") + 1);
                    }
                } else {
                    // Default template: the variables set here are presumably read by
                    // the included mail file, which runs in this method's scope and is
                    // expected to define $mailbody (and $subject) - confirm against it.
                    $Zeit = date("H:i:s, d.m.Y", time());
                    $this->user_data = array(
                        'auth_user_md5.username' => $object['username'],
                        'auth_user_md5.perms' => $object['perms'],
                        'auth_user_md5.Vorname' => $object['vorname'],
                        'auth_user_md5.Nachname' => $object['nachname'],
                        'auth_user_md5.Email' => $object['email']
                    );
                    // Cleartext (unhashed) password from the import data.
                    // NOTE(review): mailing an initial password in cleartext exposes it
                    // to the mailbox and, if enabled, the mail queue; a one-time
                    // set-password link would avoid that.
                    $password = $data['password'];
                    // The include path is built from getUserLanguagePath(); it must
                    // only ever yield a known locale directory name.
                    include "locale/{$user_language}/LC_MAILS/create_mail.inc.php";
                    $message = $mailbody;
                }
                if ($message) {
                    $mail = new StudipMail();
                    $mail->addRecipient($object['email'], $object->getFullName());
                    $mail->setSubject($subject);
                    $mail->setBodyText($message);
                    // The HTML part is the same text passed through formatReady().
                    $mail->setBodyHtml(formatReady($message));
                    if (Config::get()->MAILQUEUE_ENABLE) {
                        MailQueueEntry::add($mail);
                    } else {
                        $mail->send();
                    }
                }
                restoreLanguage();
            }
            break;
    }

    // Datafields: select the datafield definitions that belong to the imported type.
    $datafields = array();
    switch ($classname) {
        case "Course":
            $datafields = Datafield::findBySQL("object_type = 'sem'");
            break;
        case "User":
            $datafields = Datafield::findBySQL("object_type = 'user'");
            break;
        case "CourseMember":
            $datafields = Datafield::findBySQL("object_type = 'usersemdata'");
            break;
    }
    foreach ($datafields as $datafield) {
        // A datafield is written when the mapped data has a key equal to its name.
        $fieldname = $datafield['name'];
        if (isset($data[$fieldname])) {
            $entry = new DatafieldEntryModel(array($datafield->getId(), $object->getId(), ""));
            $entry['content'] = $data[$fieldname];
            $entry->store();
        }
    }

    if ($classname === "Course") {
        if ($this['tabledata']['simplematching']["fleximport_studyarea"]['column'] || in_array("fleximport_studyarea", $this->fieldsToBeDynamicallyMapped())) {
            // Study areas (Studienbereiche): existing assignments are dropped first and
            // only re-created when the course's class has 'bereiche' set.
            $remove = DBManager::get()->prepare("\n DELETE FROM seminar_sem_tree\n WHERE seminar_id = :seminar_id\n ");
            $remove->execute(array('seminar_id' => $object->getId()));
            if ($GLOBALS['SEM_CLASS'][$GLOBALS['SEM_TYPE'][$data['status']]['class']]['bereiche']) {
                foreach ($data['fleximport_studyarea'] as $sem_tree_id) {
                    $insert = DBManager::get()->prepare("\n INSERT IGNORE INTO seminar_sem_tree\n SET sem_tree_id = :sem_tree_id,\n seminar_id = :seminar_id\n ");
                    $insert->execute(array('sem_tree_id' => $sem_tree_id, 'seminar_id' => $object->getId()));
                }
            }
        }
        if ($this['tabledata']['simplematching']["fleximport_locked"]['column'] || in_array("fleximport_locked", $this->fieldsToBeDynamicallyMapped())) {
            // Lock or unlock the course: a truthy value locks it, an explicit
            // 0 / "0" unlocks it, an empty string leaves the state untouched.
            if ($data['fleximport_locked']) {
                CourseSet::addCourseToSet(CourseSet::getGlobalLockedAdmissionSetId(), $object->getId());
            } elseif (in_array($data['fleximport_locked'], array("0", 0)) && $data['fleximport_locked'] !== "") {
                CourseSet::removeCourseFromSet(CourseSet::getGlobalLockedAdmissionSetId(), $object->getId());
            }
        }

        // Make sure the course has at least one folder; if none exists, create the
        // general folder owned by the user running the import ($GLOBALS['user']).
        $folder_exist = DBManager::get()->prepare("\n SELECT 1 FROM folder WHERE range_id = ?\n ");
        $folder_exist->execute(array($object->getId()));
        if (!$folder_exist->fetch()) {
            $insert_folder = DBManager::get()->prepare("\n INSERT IGNORE INTO folder\n SET folder_id = MD5(CONCAT(:seminar_id, 'allgemeine_dateien')),\n range_id = :seminar_id,\n user_id = :user_id,\n name = :name,\n description = :description,\n mkdate = UNIX_TIMESTAMP(),\n chdate = UNIX_TIMESTAMP()\n ");
            $insert_folder->execute(array('seminar_id' => $object->getId(), 'user_id' => $GLOBALS['user']->id, 'name' => _("Allgemeiner Dateiordner"), 'description' => _("Ablage für allgemeine Ordner und Dokumente der Veranstaltung")));
        }
    }

    // The plugin hook runs only when the object reports that it is no longer new.
    if ($plugin && !$object->isNew()) {
        $plugin->afterUpdate($object, $line);
    }

    return $output;
}
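/**
 * Change an existing studip user according to the given parameters
 *
 * The method first runs a series of authorization checks against the global
 * $perm object, then a set of consistency checks (sole lecturer, institute
 * admin, username, e-mail), copies the permitted fields into $this->user_data
 * and persists them. When the new status is "admin" or "root" the user's
 * course, waiting-list, study-course, appointment and institute entries are
 * removed afterwards.
 *
 * Feedback is appended to $this->msg as "type§text§" segments.
 *
 * @access public
 * @param array structure: array('string table_name.field_name'=>'string value')
 * @return bool Change successful? false on a failed check or when
 *              storeToDatabase() reports no change
 */
function changeUser($newuser)
{
    global $perm;

    // Do we have permission to do so?
    // Authorization ladder, as implemented below:
    //  - the acting user needs at least "admin",
    //  - only faculty admins (is_fak_admin()) may assign the status "admin",
    //  - only "root" may assign the status "root",
    //  - non-root users may never touch a root account and may touch an admin
    //    account only as faculty admin and only if adminOK() agrees.
    // NOTE(review): the perms strings are compared with loose ==/!= throughout,
    // and $newuser['auth_user_md5.perms'] is read without isset() in several
    // places; confirm callers always pass plain strings.
    if (!$perm->have_perm("admin")) {
        $this->msg .= "error§" . _("Sie haben keine Berechtigung Accounts zu verändern.") . "§";
        return FALSE;
    }
    if (!$perm->is_fak_admin() && $newuser['auth_user_md5.perms'] == "admin") {
        $this->msg .= "error§" . _("Sie haben keine Berechtigung, <em>Admin-Accounts</em> anzulegen.") . "§";
        return FALSE;
    }
    if (!$perm->have_perm("root") && $newuser['auth_user_md5.perms'] == "root") {
        $this->msg .= "error§" . _("Sie haben keine Berechtigung, <em>Root-Accounts</em> anzulegen.") . "§";
        return FALSE;
    }
    if (!$perm->have_perm("root")) {
        if (!$perm->is_fak_admin() && $this->user_data['auth_user_md5.perms'] == "admin") {
            $this->msg .= "error§" . _("Sie haben keine Berechtigung <em>Admin-Accounts</em> zu verändern.") . "§";
            return FALSE;
        }
        if ($this->user_data['auth_user_md5.perms'] == "root") {
            $this->msg .= "error§" . _("Sie haben keine Berechtigung <em>Root-Accounts</em> zu verändern.") . "§";
            return FALSE;
        }
        if ($perm->is_fak_admin() && $this->user_data['auth_user_md5.perms'] == "admin") {
            if (!$this->adminOK()) {
                $this->msg .= "error§" . _("Sie haben keine Berechtigung diesen Admin-Account zu verändern.") . "§";
                return FALSE;
            }
        }
    }

    // active dozent? (ignore the studygroup guys)
    $status = studygroup_sem_types();
    if (empty($status)) {
        // NOTE(review): with no studygroup types the sole-lecturer check is
        // skipped entirely ($count = 0) instead of counting all courses - confirm
        // that this is intended.
        $count = 0;
    } else {
        // Counts courses (outside the studygroup types) in which this user is the
        // only 'dozent'.
        // NOTE(review): $status is bound to a single "?" inside NOT IN (...); this
        // relies on the database layer expanding a list parameter - verify.
        $query = "SELECT COUNT(*)\n FROM seminar_user AS su\n LEFT JOIN seminare AS s USING (Seminar_id)\n WHERE su.user_id = ?\n AND s.status NOT IN (?)\n AND su.status = 'dozent'\n AND (SELECT COUNT(*) FROM seminar_user su2 WHERE Seminar_id = su.Seminar_id AND su2.status = 'dozent') = 1\n GROUP BY user_id";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($this->user_data['auth_user_md5.user_id'], $status));
        $count = $statement->fetchColumn();
    }
    if ($count && isset($newuser['auth_user_md5.perms']) && $newuser['auth_user_md5.perms'] != "dozent") {
        $this->msg .= sprintf("error§" . _("Der Benutzer <em>%s</em> ist alleiniger Dozent in %s aktiven Veranstaltungen und kann daher nicht in einen anderen Status versetzt werden!") . "§", $this->user_data['auth_user_md5.username'], $count);
        return FALSE;
    }

    // active admin?
    if ($this->user_data['auth_user_md5.perms'] == 'admin' && $newuser['auth_user_md5.perms'] != 'admin') {
        // count number of institutes where the user is admin
        // NOTE(review): with GROUP BY Institut_id the query yields one row per
        // institute and fetchColumn() reads only the first one, so the number in
        // the message is presumably not the number of institutes. The deny
        // decision itself only needs "at least one row".
        $query = "SELECT COUNT(*)\n FROM user_inst\n WHERE user_id = ? AND inst_perms = 'admin'\n GROUP BY Institut_id";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($this->user_data['auth_user_md5.user_id']));

        // if there are institutes with admin-perms, add error-message and deny change
        if ($count = $statement->fetchColumn()) {
            $this->msg .= sprintf('error§' . _("Der Benutzer <em>%s</em> ist Admin in %s Einrichtungen und kann daher nicht in einen anderen Status versetzt werden!") . '§', $this->user_data['auth_user_md5.username'], $count);
            return false;
        }
    }

    // Is the username correct?
    if (isset($newuser['auth_user_md5.username'])) {
        if ($this->user_data['auth_user_md5.username'] != $newuser['auth_user_md5.username']) {
            if (!$this->validator->ValidateUsername($newuser['auth_user_md5.username'])) {
                $this->msg .= "error§" . _("Der gewählte Benutzername ist zu kurz oder enthält unzulässige Zeichen!") . "§";
                return FALSE;
            }
            $check_uname = StudipAuthAbstract::CheckUsername($newuser['auth_user_md5.username']);
            if ($check_uname['found']) {
                $this->msg .= "error§" . _("Der Benutzername wird bereits von einem anderen Benutzer verwendet. Bitte wählen Sie einen anderen Benutzernamen!") . "§";
                return false;
            } else {
                //$this->msg .= "info§" . $check_uname['error'] ."§";
            }
        } else {
            // Unchanged username: drop it so it is not treated as a modified field below.
            unset($newuser['auth_user_md5.username']);
        }
    }

    // Can we reach the email?
    if (isset($newuser['auth_user_md5.Email'])) {
        if (!$this->checkMail($newuser['auth_user_md5.Email'])) {
            return FALSE;
        }
    }

    // Store changed values in internal array if allowed
    // $old_perms is not used in this method itself; it is kept because the mail
    // template included further down runs in this scope and may read it.
    $old_perms = $this->user_data['auth_user_md5.perms'];
    $auth_plugin = $this->user_data['auth_user_md5.auth_plugin'];
    foreach ($newuser as $key => $value) {
        // A truthy CheckField() result means the field must not be changed for
        // this auth plugin; the whole change is rejected in that case.
        if (!StudipAuthAbstract::CheckField($key, $auth_plugin)) {
            $this->user_data[$key] = $value;
        } else {
            // NOTE(review): $key is placed into an HTML message unescaped; confirm
            // the keys of $newuser cannot carry request-controlled markup.
            $this->msg .= "error§" . sprintf(_("Das Feld <em>%s</em> können Sie nicht ändern!"), $key) . "§";
            return FALSE;
        }
    }

    if (!$this->storeToDatabase()) {
        $this->msg .= "info§" . _("Es wurden keine Veränderungen der Grunddaten vorgenommen.") . "§";
        return false;
    }

    $this->msg .= "msg§" . sprintf(_("Benutzer \"%s\" verändert."), $this->user_data['auth_user_md5.username']) . "§";
    // Auto-enrolment and the notification mail happen only when the account has
    // an auth plugin set.
    if ($auth_plugin !== null) {
        // Automated entering new users, based on their status (perms)
        $result = AutoInsert::instance()->saveUser($this->user_data['auth_user_md5.user_id'], $newuser['auth_user_md5.perms']);
        foreach ($result['added'] as $item) {
            $this->msg .= "msg§" . sprintf(_("Das automatische Eintragen in die Veranstaltung <em>%s</em> wurde durchgeführt."), $item) . "§";
        }
        foreach ($result['removed'] as $item) {
            $this->msg .= "msg§" . sprintf(_("Das automatische Austragen aus der Veranstaltung <em>%s</em> wurde durchgeführt."), $item) . "§";
        }
        // include language-specific subject and mailbody
        // The include path is built from getUserLanguagePath(); it must only ever
        // yield a known locale directory name. The included file is expected to
        // define $subject and $mailbody.
        $user_language = getUserLanguagePath($this->user_data['auth_user_md5.user_id']);
        $Zeit = date("H:i:s, d.m.Y", time());
        include "locale/{$user_language}/LC_MAILS/change_mail.inc.php";

        // send mail
        StudipMail::sendMessage($this->user_data['auth_user_md5.Email'], $subject, $mailbody);
    }

    // Upgrade to admin or root?
    // Admin and root accounts keep no course, waiting-list, study-course or
    // private appointment entries; all of them are removed here.
    if ($newuser['auth_user_md5.perms'] == "admin" || $newuser['auth_user_md5.perms'] == "root") {

        $this->re_sort_position_in_seminar_user();

        // delete all seminar entries
        $query = "SELECT seminar_id FROM seminar_user WHERE user_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($this->user_data['auth_user_md5.user_id']));
        $seminar_ids = $statement->fetchAll(PDO::FETCH_COLUMN);

        $query = "DELETE FROM seminar_user WHERE user_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($this->user_data['auth_user_md5.user_id']));
        if (($db_ar = $statement->rowCount()) > 0) {
            $this->msg .= "info§" . sprintf(_("%s Einträge aus Veranstaltungen gelöscht."), $db_ar) . "§";
            // Recalculate admission for every course the user was removed from.
            array_map('update_admission', $seminar_ids);
        }

        // delete all entries from waiting lists
        $query = "SELECT seminar_id FROM admission_seminar_user WHERE user_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($this->user_data['auth_user_md5.user_id']));
        $seminar_ids = $statement->fetchAll(PDO::FETCH_COLUMN);

        $query = "DELETE FROM admission_seminar_user WHERE user_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($this->user_data['auth_user_md5.user_id']));
        if (($db_ar = $statement->rowCount()) > 0) {
            $this->msg .= "info§" . sprintf(_("%s Einträge aus Wartelisten gelöscht."), $db_ar) . "§";
            array_map('update_admission', $seminar_ids);
        }

        // delete 'Studiengaenge'
        $query = "DELETE FROM user_studiengang WHERE user_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($this->user_data['auth_user_md5.user_id']));
        if (($db_ar = $statement->rowCount()) > 0) {
            $this->msg .= "info§" . sprintf(_("%s Zuordnungen zu Studiengängen gelöscht."), $db_ar) . "§";
        }

        // delete all private appointments of this user
        // The assignment is parenthesised so that $db_ar receives the number
        // returned by delete_range_of_dates(); without the parentheses ">" binds
        // tighter than "=" and $db_ar would hold the boolean comparison result,
        // making the message always report "1".
        if (($db_ar = delete_range_of_dates($this->user_data['auth_user_md5.user_id'], FALSE)) > 0) {
            $this->msg .= "info§" . sprintf(_("%s Einträge aus den Terminen gelöscht."), $db_ar) . "§";
        }
    }

    if ($newuser['auth_user_md5.perms'] == "admin") {
        // An admin keeps only institute entries with inst_perms 'admin'; the
        // removal is logged before the rows are deleted.
        $this->logInstUserDel($this->user_data['auth_user_md5.user_id'], "inst_perms != 'admin'");
        $query = "DELETE FROM user_inst WHERE user_id = ? AND inst_perms != 'admin'";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($this->user_data['auth_user_md5.user_id']));
        if (($db_ar = $statement->rowCount()) > 0) {
            $this->msg .= "info§" . sprintf(_("%s Einträge aus MitarbeiterInnenlisten gelöscht."), $db_ar) . "§";
        }
    }
    if ($newuser['auth_user_md5.perms'] == "root") {
        // A root account keeps no institute entries at all.
        $this->logInstUserDel($this->user_data['auth_user_md5.user_id']);
        $query = "DELETE FROM user_inst WHERE user_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array($this->user_data['auth_user_md5.user_id']));
        if (($db_ar = $statement->rowCount()) > 0) {
            $this->msg .= "info§" . sprintf(_("%s Einträge aus MitarbeiterInnenlisten gelöscht."), $db_ar) . "§";
        }
    }

    return TRUE;
}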