Example #1
    $new_pwd1 = db_escape(trim(dPgetCleanParam($_POST, 'new_pwd1', null)));
    $new_pwd2 = db_escape(trim(dPgetCleanParam($_POST, 'new_pwd2', null)));
    // has the change form been posted
    if ($new_pwd1 && $new_pwd2 && $new_pwd1 == $new_pwd2) {
        // check that the old password matches
        $old_md5 = md5($old_pwd);
        $q = new DBQuery();
        $q->addQuery('user_id');
        $q->addTable('users');
        $q->addWhere("user_password='******' AND user_id={$user_id}");
        if ($AppUI->user_type == 1 || $q->loadResult() == $user_id) {
            require_once $AppUI->getModuleClass('admin');
            $user = new CUser();
            $user->user_id = $user_id;
            $user->user_password = $new_pwd1;
            if ($msg = $user->store()) {
                $AppUI->setMsg($msg, UI_MSG_ERROR);
            } else {
                echo $AppUI->_('chgpwUpdated');
            }
        } else {
            echo $AppUI->_('chgpwWrongPW');
        }
    } else {
        ?>
<script language="javascript">
function submitIt() {
	var f = document.frmEdit;
	var msg = '';

	if (f.new_pwd1.value.length < <?php 
Example #2
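 /**
  * Create the local SQL user record for a user authenticated against LDAP,
  * creating a contact record from the LDAP attributes when any were given.
  *
  * @param string $username     Login name to store
  * @param string $password     Raw password; stored as an unsalted MD5 hash
  * @param array  $ldap_attribs inetOrgPerson attributes keyed by attribute
  *                             name, each value a list whose first element is
  *                             used; may be empty
  *
  * @return void  Sets $this->user_id to the id of the stored user
  */
 public function createsqluser($username, $password, $ldap_attribs = array())
 {
     global $AppUI;
     // NOTE(review): unsalted MD5 is not a suitable password hash. The stored
     // format is kept here because it must match whatever verifies logins
     // (outside this method); changing it means migrating that path as well.
     $hash_pass = md5($password);

     // 0 means "no contact"; only overwritten when a contact is created below
     $contact_id = 0;
     // Attributes supplied: build a contact from them
     if (count($ldap_attribs) > 0) {
         // Contact information based on the inetOrgPerson class schema
         $c = new CContact();
         $fieldsFromLdap = array(
             'contact_first_name' => 'givenname',
             'contact_last_name'  => 'sn',
             'contact_city'       => 'l',
             'contact_country'    => 'country',
             'contact_state'      => 'st',
             'contact_zip'        => 'postalcode',
             'contact_job'        => 'title',
             'contact_email'      => 'mail',
             'contact_phone'      => 'telephonenumber',
         );
         foreach ($fieldsFromLdap as $field => $attribute) {
             // Missing attributes become null instead of raising an
             // undefined-index notice
             $c->$field = isset($ldap_attribs[$attribute][0]) ? $ldap_attribs[$attribute][0] : null;
         }
         $c->contact_owner = $AppUI->user_id;
         $c->store();
         $mobile = isset($ldap_attribs['mobile'][0]) ? $ldap_attribs['mobile'][0] : null;
         $c->setContactMethods(array('phone_mobile' => $mobile));
         // contact_id is read back after store(); 0 when it was not populated
         $contact_id = $c->contact_id == null ? 0 : (int) $c->contact_id;
     }

     $u = new CUser();
     $u->user_username = $username;
     $u->user_password = $hash_pass;
     // Changed from 1 (administrator) to 0 (Default user)
     $u->user_type = 0;
     $u->user_contact = $contact_id;
     $u->store();
     $this->user_id = $u->user_id;

     // Every LDAP-created user gets the 'anon' role
     $acl =& $AppUI->acl();
     $acl->insertUserRole($acl->get_group_id('anon'), $this->user_id);
 }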
            $userEx = TRUE;
        }
    }
    //pull a list of existing usernames
    $sql = "SELECT user_username FROM users";
    $q = new DBQuery();
    $q->addTable('users', 'u');
    $q->addQuery('user_username');
    $users = $q->loadList();
    // Iterate the above userNameExistenceCheck for each user
    foreach ($users as $usrs) {
        $usrLst = array_map("userExistence", $usrs);
    }
    // If userName already exists quit with error and do nothing
    if ($userEx == TRUE) {
        $AppUI->setMsg("already exists. Try another username.", UI_MSG_ERROR, true);
        $AppUI->redirect();
    }
    $contact->contact_owner = $AppUI->user_id;
}
// Persist the contact first. A truthy return from store() is treated as an
// error message here (as elsewhere in this file); anything else is success.
if ($msg = $contact->store()) {
    $AppUI->setMsg($msg, UI_MSG_ERROR);
} else {
    // Link the user row to the stored contact before saving the user
    $obj->user_contact = $contact->contact_id;
    if ($msg = $obj->store()) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
    } else {
        $AppUI->setMsg($isNewUser ? 'added - please setup roles and permissions now.  User must have at least one role to log in.' : 'updated', UI_MSG_OK, true);
    }
}
// New users are sent to the roles tab of their own record; existing users go
// back to the previous page. NOTE(review): the user_id redirect is also taken
// when store() failed above, so $obj->user_id may be empty then — verify.
$isNewUser ? $AppUI->redirect("m=admin&a=viewuser&user_id=" . $obj->user_id . "&tab=3") : $AppUI->redirect();
Example #4
// !User's contact information not deleted - left for history.
if ($del) {
    $result = $obj->delete();
    if ($result) {
        $message = 'User deleted';
        $redirect = 'm=users';
        $status = UI_MSG_ALERT;
    } else {
        // delete() refused: show its error and send the caller to the
        // access-denied page
        $message = $obj->getError();
        $redirect = ACCESS_DENIED;
        $status = UI_MSG_ERROR;
    }
    $AppUI->setMsg($message, $status);
    $AppUI->redirect($redirect);
}
// Keep an existing owner; only an owner-less contact gets the current user
if (!$contact->contact_owner) {
    $contact->contact_owner = $AppUI->user_id;
}
// Contact methods are read before store() so they can be re-attached afterwards
$contactArray = $contact->getContactMethods();
$result = $contact->store();
if ($result) {
    $contact->setContactMethods($contactArray);
    $obj->user_contact = $contact->contact_id;
    if ($obj->store()) {
        if ($isNewUser && w2PgetParam($_POST, 'send_user_mail', 0)) {
            notifyNewUserCredentials($contact->contact_email, $contact->contact_first_name, $obj->user_username, $_POST['user_password']);
        }
        if (isset($_REQUEST['user_role']) && $_REQUEST['user_role']) {
            $perms =& $AppUI->acl();
            if ($perms->insertUserRole($_REQUEST['user_role'], $obj->user_id)) {
                $AppUI->setMsg('', UI_MSG_ALERT, true);
            } else {
                $AppUI->setMsg('failed to add role', UI_MSG_ERROR);
            }
        }
        $AppUI->setMsg($isNewUser ? 'User added' : 'User updated', UI_MSG_OK, true);
        $redirect = 'm=users&a=view&user_id=' . $obj->user_id . '&tab=2';
    } else {
        $AppUI->setMsg($obj->getError(), UI_MSG_ERROR);
Example #5
// !User's contact information not deleted - left for history.
if ($del) {
    $result = $obj->delete($AppUI);
    if ($result) {
        $message = 'User deleted';
        $path = 'm=admin';
        $status = UI_MSG_ALERT;
    } else {
        // delete() refused: show its error and send the caller to the
        // access-denied page
        $message = $obj->getError();
        $path = 'm=public&a=access_denied';
        $status = UI_MSG_ERROR;
    }
    $AppUI->setMsg($message, $status);
    $AppUI->redirect($path);
}
// Keep an existing owner; only an owner-less contact gets the current user
if (!$contact->contact_owner) {
    $contact->contact_owner = $AppUI->user_id;
}
// Contact methods are read before store() so they can be re-attached afterwards
$contactArray = $contact->getContactMethods();
$result = $contact->store($AppUI);
if ($result) {
    $contact->setContactMethods($contactArray);
    $obj->user_contact = $contact->contact_id;
    if ($obj->store($AppUI)) {
        if ($isNewUser && w2PgetParam($_POST, 'send_user_mail', 0)) {
            notifyNewUserCredentials($contact->contact_email, $contact->contact_first_name, $obj->user_username, $_POST['user_password']);
        }
        if (isset($_REQUEST['user_role']) && $_REQUEST['user_role']) {
            $perms =& $AppUI->acl();
            if ($perms->insertUserRole($_REQUEST['user_role'], $obj->user_id)) {
                $AppUI->setMsg('', UI_MSG_ALERT, true);
            } else {
                $AppUI->setMsg('failed to add role', UI_MSG_ERROR);
            }
        }
        $AppUI->setMsg($isNewUser ? 'User added' : 'User updated', UI_MSG_OK, true);
        $path = 'm=admin&a=viewuser&user_id=' . $obj->user_id . '&tab=2';
    } else {
        $AppUI->setMsg($obj->getError(), UI_MSG_ERROR);
Example #6
 /**
  * Check whether the login/password combination was found and maintain the
  * failed-attempt counter of the stored account.
  *
  * Checks run in this order: deactivated mediuser, activity period, locked
  * login, then wrong login/password (which increments user_login_errors on
  * the stored account when that account exists).
  *
  * @param CUser $user User whose password attempt to check
  *
  * @return bool True if the attempt is successful
  */
 static function checkPasswordAttempt(CUser $user)
 {
     // Stored account carrying the same username (may not exist)
     $stored = new CUser();
     $stored->user_username = $user->user_username;
     $stored->loadMatchingObject();
     $stored->loadRefMediuser();

     $mediuser = $stored->_ref_mediuser;
     if ($mediuser && $mediuser->_id) {
         if (!$mediuser->actif) {
             self::setMsg("Auth-failed-user-deactivated", UI_MSG_ERROR);
             return false;
         }

         // Reject accounts outside their activity period
         $today = CMbDT::date();
         $activityStart = $mediuser->deb_activite;
         $activityEnd = $mediuser->fin_activite;
         $notYetActive = $activityStart && $activityStart > $today;
         $noLongerActive = $activityEnd && $activityEnd <= $today;
         if ($notYetActive || $noLongerActive) {
             self::setMsg("Auth-failed-user-deactivated", UI_MSG_ERROR);
             return false;
         }
     }

     if ($stored->_login_locked) {
         self::setMsg("Auth-failed-user-locked", UI_MSG_ERROR);
         return false;
     }

     // A loaded $user (_id set) means login and password matched
     if ($user->_id) {
         return true;
     }

     // Wrong login and/or password.
     // NOTE(review): the deactivated / locked / combination messages differ,
     // so a caller can tell account states apart — confirm this is intended.
     self::setMsg("Auth-failed-combination", UI_MSG_ERROR);
     // The account exists but the password was wrong: count the failure
     if ($user->loginErrorsReady() && $stored->_id) {
         $stored->user_login_errors++;
         $stored->store();
         $maxAttempts = self::conf("admin CUser max_login_attempts");
         $remaining = max(0, $maxAttempts - $stored->user_login_errors);
         self::setMsg("Auth-failed-tried", UI_MSG_ERROR, $stored->user_login_errors, $remaining);
     }
     return false;
 }
Example #7
// Populate the contact from the posted form; on failure report and leave
// (redirect() is assumed not to return — verify)
if (!$contact->bind($_POST)) {
    $AppUI->setMsg($contact->getError(), UI_MSG_ERROR);
    $AppUI->redirect();
}
// prepare (and translate) the module name ready for the suffix
$AppUI->setMsg('User');
// No user_id in the request means this is a self-registration of a new user
$isNewUser = !w2PgetParam($_REQUEST, 'user_id', 0);
if ($isNewUser) {
    // check if a user with the param Username already exists
    // ($contactListByUsername is computed before this span; an array here
    // is taken to mean the username is already in use)
    if (is_array($contactListByUsername)) {
        $AppUI->setMsg('This username is not available, please try another.', UI_MSG_ERROR, true);
        $AppUI->redirect();
    } else {
        $contact->contact_owner = $AppUI->user_id;
    }
}
$result = $contact->store();
if ($result) {
    $user->user_contact = $contact->contact_id;
    // A truthy return from store() is treated as an error message
    if ($msg = $user->store(null, true)) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
    } else {
        // NOTE(review): the raw $_POST['user_password'] is handed to both
        // notification mails below, i.e. the plaintext password leaves the
        // system by e-mail — confirm that is acceptable.
        if ($isNewUser) {
            notifyNewExternalUser($contact->contact_email, $contact->contact_first_name, $user->user_username, $_POST['user_password']);
        }
        notifyHR(w2PgetConfig('admin_email', '*****@*****.**'), 'w2P System Human Resources', $contact->contact_email, $contact->contact_first_name, $user->user_username, $_POST['user_password'], $user->user_id);
    }
} else {
    // NOTE(review): $msg is not assigned on this path within this span, so
    // the reported message is whatever it held before (possibly nothing);
    // $contact->getError() looks like the intended value — verify.
    $AppUI->setMsg($msg, UI_MSG_ERROR);
}
// Static inline script (no request data interpolated): notify the visitor
// and step back two pages in history
echo "<script language='javascript'>\n\t      alert('The User Administrator has been notified to grant you access to the system and an email message was sent to you with your login info. Thank you very much.');\n\t      history.go(-2);\n      </script>";
 /**
  * Create the local SQL user and its contact record from the given identity
  * details, then give the new user the 'anon' role.
  *
  * @param string $username Login name
  * @param string $password Raw password; hashed via $this->hashPassword()
  * @param string $email    Contact e-mail address
  * @param string $first    Contact first name
  * @param string $last     Contact last name
  *
  * @return void  Sets $this->user_id to the stored user's id
  */
 public function createsqluser($username, $password, $email, $first, $last)
 {
     // Hash first, before any row is written
     $hashedPassword = $this->hashPassword($password);

     // Contact first, so the user row can reference its id
     $contact = new CContact();
     $contact->contact_first_name = $first;
     $contact->contact_last_name = $last;
     $contact->contact_email = $email;
     $contact->store();

     $user = new CUser();
     $user->user_username = $username;
     $user->user_password = $hashedPassword;
     // Changed from 1 (administrator) to 0 (Default user)
     $user->user_type = 0;
     $user->user_contact = (int) $contact->contact_id;
     $user->store(null, true);
     $this->user_id = $user->user_id;

     $acl =& $this->AppUI->acl();
     $acl->insertUserRole($acl->get_group_id('anon'), $this->user_id);
 }
Example #9
    $user_id = $AppUI->user_id;
}
// check for a non-zero user id
if ($user_id) {
    $old_pwd = db_escape(trim(w2PgetParam($_POST, 'old_pwd', null)));
    $new_pwd1 = db_escape(trim(w2PgetParam($_POST, 'new_pwd1', null)));
    $new_pwd2 = db_escape(trim(w2PgetParam($_POST, 'new_pwd2', null)));
    $perms =& $AppUI->acl();
    $canAdminEdit = canEdit('system');
    // has the change form been posted
    if ($new_pwd1 && $new_pwd2 && $new_pwd1 == $new_pwd2) {
        $user = new CUser();
        if ($canAdminEdit || $user->validatePassword($user_id, $old_pwd)) {
            $user->load($user_id);
            $user->user_password = $new_pwd1;
            $result = $user->store();
            if ($result) {
                ?>
                <script language="javascript" type="text/javascript">
                    window.onload = function() {
                        window.close();
		            }
                </script>
                <?php 
            } else {
                echo '<h1>' . $AppUI->_('Change User Password') . '</h1>';
                echo $AppUI->getTheme()->styleRenderBoxTop();
                echo '<table class="std"><tr><td>' . $AppUI->_('chgpwUpdated') . '</td></tr></table>';
            }
        } else {
            echo '<h1>' . $AppUI->_('Change User Password') . '</h1>';
Example #10
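 /**
  * Derive the stored user_password from the raw password (_user_password)
  * after the plain fields have been updated.
  *
  * In order:
  *  - while merging, leave the password untouched (no new salt / re-hash);
  *  - no raw password, or a value that already looks like an MD5 hex digest:
  *    nothing to do;
  *  - salted hashing not ready yet: store an MD5 hash and keep the raw
  *    password in the session for a later upgrade;
  *  - not a login (or an explicit change): generate a new salt and hash;
  *  - login: hash with the stored user's salt (SHA-256 rows), or migrate an
  *    MD5 row to the salted scheme when the password is correct.
  *
  * @see parent::updatePlainFields()
  *
  * @return void
  */
 function updatePlainFields()
 {
     parent::updatePlainFields();
     // To prevent from recalculate new salt and re-hash password
     if ($this->_merging) {
         return;
     }
     $this->user_password = null;
     // If no raw password or already hashed, nothing to do
     // NOTE(review): a raw password that happens to be 32 hex characters is
     // taken for a hash here and is therefore never stored.
     if (!$this->_user_password || preg_match('/^[0-9a-f]{32}$/i', $this->_user_password)) {
         return;
     }
     // If the new password hashing system is not ready yet
     if (!$this->loginSaltReady()) {
         CValue::setSessionAbs("_pass_deferred", $this->_user_password);
         $this->user_password = md5($this->_user_password);
         return;
     }
     // If user is logging, get the salt value in table
     if (!$this->_is_logging || $this->_is_changing) {
         $this->generateUserSalt();
         return;
     }
     // If user is trying to log in, we have to compare hashes with corresponding user in table
     // NOTE(review): user_username is interpolated unescaped into the WHERE
     // clause; on a login it comes from the request, so loadObject() must
     // escape or bind it — confirm what it does with this array.
     $where = array("user_username" => " = '{$this->user_username}'");
     $_user = new CUser();
     $_user->loadObject($where);
     // If user exists, we compare hashes
     if ($_user->_id) {
         // Password is a SHA256 hash, we get user's salt
         if ($this->_user_password && strlen($_user->user_password) == 64) {
             $this->user_password = hash("SHA256", $_user->user_salt . $this->_user_password);
             return;
         }
         // Password is an old MD5 hash, we have to update.
         // Strict comparison: with ==, two hex digests of the form "0e..."
         // compare numerically and would be treated as equal.
         if ($_user->user_password === md5($this->_user_password)) {
             $this->generateUserSalt();
             $_user->_user_password = $this->_user_password;
             $_user->_user_salt = $this->user_salt;
             $_user->store();
         } else {
             // Won't load anything
             $this->user_password = "******";
         }
     }
 }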
Example #11
            if ($setup->mod_version == $module->mod_version) {
                CAppUI::setMsg("Installation de '%s' à la version %s", UI_MSG_OK, $module->mod_name, $setup->mod_version);
            } else {
                CAppUI::setMsg("Installation de '%s' à la version %s sur %s", UI_MSG_WARNING, $module->mod_name, $module->mod_version, $setup->mod_version);
            }
        } else {
            CAppUI::setMsg("Module '%s' non mis à jour", UI_MSG_WARNING, $module->mod_name);
        }
        CModule::loadModules(false);
        // To force dependency re-evaluation
    }
    if (isset($_SESSION["_pass_deferred"]) && CAppUI::$instance->user_id == 1) {
        $user = new CUser();
        $user->load(1);
        $user->_user_password = $_SESSION["_pass_deferred"];
        $user->store();
        unset($_SESSION["_pass_deferred"]);
    }
    // In case the setup has added some user prefs
    CAppUI::buildPrefs();
    error_reporting($old_er);
    CAppUI::redirect();
}
// Without an id, work on a placeholder module named $mod_name with
// mod_version "all"; with one, load the stored module and check its files
$module = new CModule();
if (!$mod_id) {
    $module->mod_version = "all";
    $module->mod_name = $mod_name;
} else {
    $module->load($mod_id);
    $module->checkModuleFiles();
}
Example #12
 /**
  * Create the local SQL user for an LDAP-authenticated login, create a
  * contact owned by it when LDAP attributes were supplied, link the two and
  * attach the 'normal' role.
  *
  * @param string $username     Login name
  * @param string $password     Raw password; hashed via $this->hashPassword()
  * @param array  $ldap_attribs inetOrgPerson attributes keyed by attribute
  *                             name, each value a list whose first element is
  *                             used; may be empty
  *
  * @return void  Sets $this->user_id to the stored user's id
  */
 public function createsqluser($username, $password, $ldap_attribs = array())
 {
     $hashedPassword = $this->hashPassword($password);

     // The user is stored first: the contact needs its id as owner
     $user = new CUser();
     $user->user_username = $username;
     $user->user_password = $hashedPassword;
     // Changed from 1 (administrator) to 0 (Default user)
     $user->user_type = 0;
     $user->user_contact = 0;
     $user->store(null, true);
     $this->user_id = $user->user_id;

     $contact = new CContact();
     if (count($ldap_attribs)) {
         // Contact information based on the inetOrgPerson class schema
         $fieldsFromLdap = array(
             'contact_first_name' => 'givenname',
             'contact_last_name'  => 'sn',
             'contact_city'       => 'l',
             'contact_country'    => 'country',
             'contact_state'      => 'st',
             'contact_zip'        => 'postalcode',
             'contact_job'        => 'title',
             'contact_email'      => 'mail',
             'contact_phone'      => 'telephonenumber',
         );
         foreach ($fieldsFromLdap as $field => $attribute) {
             $contact->$field = $ldap_attribs[$attribute][0];
         }
         $contact->contact_owner = $this->user_id;
         $contact->store();
         $contact->setContactMethods(array('phone_mobile' => $ldap_attribs['mobile'][0]));
     }

     // Link the contact on a freshly loaded copy of the user rather than
     // re-storing $user after its insert
     $linkedUser = new CUser();
     $linkedUser->load($this->user_id);
     $linkedUser->user_contact = $this->contactId($this->user_id);
     $linkedUser->store();

     $acl =& $this->AppUI->acl();
     $acl->insertUserRole($acl->get_group_id('normal'), $this->user_id);
 }