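/**
 * Updates the LCC of the currently logged in user.
 *
 * The value normally arrives straight from the request, so it is validated
 * strictly before it is used.
 *
 * @param mixed $new_lcc The new LCC for the user.
 * @return array An array with indices `status` and `message`,
 *               containing the status code and description of
 *               the result of the operation. `message` may contain HTML.
 */
function update_current_user_lcc($new_lcc)
{
    // Accept only a whole number written in plain digits. intval() on its own
    // turns "12abc" into 12 and any non-empty array (new_lcc[]=x) into 1, so
    // a malformed request value could otherwise pass the range check below.
    $lcc_text = is_scalar($new_lcc) ? trim((string) $new_lcc) : '';
    $new_lcc = ctype_digit($lcc_text) ? intval($lcc_text) : 0;

    // The LCC must be between 0 and 100 exclusive
    if ($new_lcc <= 0 || $new_lcc >= 100) {
        $message = "Your LCC should be a number between 0 and 100. If your's isn't, ";
        $message .= "<a href=\"mailto:" . TECHSTAFF_EMAIL . "\">let our tech staff know</a> ";
        $message .= "and we'll update it!";
        return array('status' => STATUS_ERROR, 'message' => $message);
    }

    // Get the CIF user; the identity comes from the web server's authentication
    // layer, not from the form.
    $cif_user = new CifUser($_SERVER['REDIRECT_WEBAUTH_USER']);

    // Nothing to do when the new LCC matches the one on record.
    // Loose comparison is kept because the stored value's type is not visible here.
    if ($new_lcc == $cif_user->lcc) {
        return array(
            'status' => STATUS_OK,
            'message' => "You entered the same LCC that we have on record, so nothing was updated.",
        );
    }

    try {
        $cif_user->update('lcc', $new_lcc);
        return array('status' => STATUS_OK, 'message' => "Your LCC's been updated!");
    } catch (Exception $e) {
        // The message is built as HTML (it carries a mailto link), so the
        // exception text is escaped before it is mixed in.
        // NOTE(review): backend exception text is still shown to the user;
        // confirm it never carries internal details.
        $message = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $message .= ". Either something's down or there was a hiccup. ";
        $message .= "You should <a href=\"mailto:" . TECHSTAFF_EMAIL . "\">contact tech staff</a> ";
        $message .= "if this keeps happening for you.";
        return array('status' => STATUS_ERROR, 'message' => $message);
    }
}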
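/**
 * Updates the password of the currently logged in user.
 *
 * @param mixed $new_password The new password for the user.
 * @param mixed $new_password_again Confirmation of the new password for the user.
 * @return array An array with indices `status`, `message`, and `reasons`
 *               containing the status code and description of the result of the operation,
 *               and the validation result returned by is_secure_password()
 *               (null when validation was never reached).
 */
function update_current_user_password($new_password, $new_password_again)
{
    // Initialised up front so the failure path never reads undefined variables.
    $errors = null;
    $password_was_valid = false;
    $cif_user = null;
    $user_id = isset($_SERVER['REDIRECT_WEBAUTH_USER']) ? $_SERVER['REDIRECT_WEBAUTH_USER'] : null;

    try {
        $cif_user = new CifUser($user_id);

        if ($new_password !== $new_password_again) {
            throw new Exception("The passwords you entered didn't match.");
        }

        // Validate the password
        $errors = is_secure_password($new_password, 'Sorry, but your password needs');
        if ($errors) {
            // NOTE(review): Exception requires a string message; if
            // is_secure_password() returns an array of reasons this raises a
            // TypeError that the catch below does not handle. Confirm its return type.
            throw new Exception($errors);
        }
        $password_was_valid = true;

        // Change the user's password
        $cif_user->change_password($new_password);

        return array('status' => STATUS_OK, 'message' => "Your password was changed.", 'reasons' => $errors);
    } catch (Exception $e) {
        $error_message = $e->getMessage();
    }

    // If execution reaches this point, something went wrong.
    // If the password was valid, log the results of this failed operation.
    // The original wrote undefined $cifid/$log here, so nothing useful was recorded.
    // The user's own log is used instead (presumably the intended content; confirm).
    // Only that log is written, never the password itself.
    if ($password_was_valid) {
        // basename() keeps the log file inside LOG_DIR whatever the id contains.
        file_put_contents(LOG_DIR . basename((string) $user_id), $cif_user->get_log(), FILE_APPEND);
    }

    return array('status' => STATUS_ERROR, 'message' => $error_message, 'reasons' => $errors);
}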
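/**
 * Authenticates through Kerberos for privileged permissions.
 * This also creates our CIF user.
 *
 * Opens the admin database connection and the LDAP connection, creates the
 * LDAP test group, then creates the test user from self::get_properties().
 */
public static function setUpBeforeClass()
{
    // Authenticate as a privileged user through Kerberos
    self::$kerberos = new CifKerberos();
    self::$database = new CifMysql(DATABASE_HOSTNAME, DATABASE_ADMIN_USER, DATABASE_ADMIN_PASSWORD);
    self::$ldap = CifLdap::get_connection();

    // Create an LDAP test group
    self::$ldap->create_group(self::$test_group);

    try {
        // Create the CIF user from our desired attributes
        self::$user = CifUser::create_from(self::get_properties(), self::$password);
    } catch (Exception $e) {
        // self::$user is only assigned when create_from() returns, so it may
        // still be unset here; print its log only when there is one.
        if (isset(self::$user)) {
            echo "\n" . self::$user->get_log();
        }

        // There is no $this in a static method; fail() is called statically.
        // Assumes this class extends PHPUnit's TestCase, where fail() is static.
        self::fail($e->getMessage());
    }
}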
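/**
 * Creates or resets the account for the given user.
 *
 * @param string $netid The user's University of Rochester NetID.
 * @param string $password The user's NetID password.
 * @param mixed $lcc The user's LCC.
 * @return array An associative array with indices "status" and "message".
 *               When "status" is STATUS_OK, an "info" array with the keys
 *               "user_existed", "has_lab_access", and "lcc" is also returned.
 *               "status" is STATUS_AUTH_ERROR when the credentials were rejected
 *               and STATUS_ERROR for any other failure.
 */
function create_account($netid, $password, $lcc)
{
    global $twig; // We'll be using Twig to render email templates

    // Continue running this script even if the client disconnects
    ignore_user_abort(true);

    // $netid is caller-supplied and becomes part of a file name, so basename()
    // is applied to keep the log file inside LOG_DIR whatever the value contains.
    $log_path = LOG_DIR . basename((string) $netid);

    try {
        $user_existed = CifUser::user_exists($netid);
        $cif_user = CifUser::create($netid, $password, $lcc);

        if ($user_existed) {
            $has_lab_access = $cif_user->is_a_member_of(LAB_ACCESS_GROUP);

            // Send a reset email if the user reset their account
            $message = $twig->render('email/account-reset.html', array(
                'has_lab_access' => $has_lab_access,
                'old_lcc' => $lcc,
                'new_lcc' => $cif_user->lcc,
            ));
            mail($cif_user->email, 'Your CIF account was reset', $message, EMAIL_HEADER);
        } else {
            // Give new users lab access
            // TODO Should still support an access list to pre-set access for users who do not yet exist;
            // TODO (cont) such a list must be synced between dev and prod
            $cif_user->join_group(LAB_ACCESS_GROUP);
            $has_lab_access = $cif_user->is_a_member_of(LAB_ACCESS_GROUP);

            // Send an account creation email to board
            $message = $twig->render('email/account-creation-notification.html', array(
                'full_name' => $cif_user->full_name,
                'email' => $cif_user->email,
                'year' => $cif_user->year,
            ));
            mail(BOARD_EMAIL, "CIF account created for {$cif_user->full_name}", $message, EMAIL_HEADER);

            // Send a welcome email to the new user
            $message = $twig->render('email/welcome.html', array(
                'first_name' => $cif_user->first_name,
                'has_lab_access' => $has_lab_access,
                'lcc' => $lcc,
            ));
            mail($cif_user->email, 'Your CIF account was created!', $message, EMAIL_HEADER);
        }

        // Write the log to disk
        file_put_contents($log_path, $cif_user->get_log(), FILE_APPEND);

        return array(
            'status' => STATUS_OK,
            'message' => "Your account was successfully " . ($user_existed ? 'reset' : 'created') . "!",
            'info' => array(
                'user_existed' => $user_existed,
                'has_lab_access' => $has_lab_access,
                'lcc' => $cif_user->lcc,
            ),
        );
    } catch (PasswordException $pe) {
        // One generic message for every credential failure, so the response
        // does not reveal whether the NetID exists.
        return array(
            'status' => STATUS_AUTH_ERROR,
            'message' => "The NetID or password you entered seem to be incorrect.",
        );
    } catch (Exception $e) {
        // Alert the tech directors if a log can be written.
        // $cif_user is only set once CifUser::create() has returned.
        if (isset($cif_user)) {
            // Write the log to disk
            file_put_contents($log_path, $cif_user->get_log(), FILE_APPEND);

            $subject = 'CIF Account ' . ($user_existed ? 'Reset' : 'Creation') . " Failed ({$netid})";
            $message = "This is a notice to check " . $log_path . " for the reason of failure.";
            mail(TECHDIRECTOR_EMAIL, $subject, $message);
        }

        // NOTE(review): the raw exception text goes back to the caller;
        // confirm it never carries backend details.
        return array('status' => STATUS_ERROR, 'message' => $e->getMessage());
    }
}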
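/**
 * Creates a new CifUser for the given credentials.
 *
 * The credentials are checked by connecting to University LDAP; the attributes
 * returned from there, plus the given LCC, are handed to create_from().
 * Handling of users that already exist in CIF LDAP and creation of the AFS
 * volume are not visible in this method (presumably done by create_from(); confirm).
 *
 * @param string $netid The user's netID.
 * @param string $password The user's password, necessary for connecting to University LDAP.
 * @param int $lcc The user's LCC.
 * @return CifUser A CifUser object for the newly created user.
 * @throws PasswordException When the credentials are empty or the University LDAP connection fails.
 */
public static function create($netid, $password, $lcc)
{
    $netid = strtolower(trim($netid));
    $lcc = intval($lcc);

    // Reject empty credentials before they reach the directory. Many LDAP
    // servers treat a simple bind with an empty password as an unauthenticated
    // bind that succeeds. Whether UniversityLdap guards against this is not
    // visible here, so the check is made explicitly. The message matches the
    // one below so callers cannot tell which check failed.
    if ($netid === '' || $password === null || $password === '') {
        throw new PasswordException('Unable to connect to University servers. Bad username/password?');
    }

    try {
        $uni_ldap = new UniversityLdap($netid, $password);
    } catch (Exception $e) {
        // Any connection failure is reported as a credential problem.
        throw new PasswordException('Unable to connect to University servers. Bad username/password?');
    }

    $attributes = self::parse_attributes($uni_ldap->get_attributes(), 'UniversityLdap');

    // Set the user's LCC here because University LDAP doesn't give it to us
    $attributes['lcc'] = $lcc;

    return CifUser::create_from($attributes, $password);
}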
<?php /** * Main page. Contains modules for the user's account information, * LCC and password change forms, and other CIF account service modules * such as file storage and web hosting. */ require_once 'panel-config.php'; require_once 'lib/CifUser.php'; require_once 'lib/utility.php'; // Get the CIF user $cif_user = new CifUser($_SERVER['REDIRECT_WEBAUTH_USER']); $has_lab_access = $cif_user->is_a_member_of(LAB_ACCESS_GROUP); $forms = array(); // If the LCC change form was submitted, handle it $forms['lcc'] = array('submitted' => false); if ($has_lab_access && was_submitted('update_lcc') && isset($_POST['new_lcc'])) { require_once 'lib/lcc.php'; $result = update_current_user_lcc($_POST['new_lcc']); $forms['lcc']['submitted'] = true; $forms['lcc']['status'] = $result['status']; $forms['lcc']['message'] = $result['message']; } // If the password change form was submitted, handle it $forms['password'] = array('submitted' => false); if (was_submitted('update_password') && isset($_POST['new_password']) && isset($_POST['new_password_confirmation'])) { require_once 'lib/password.php'; $result = update_current_user_password($_POST['new_password'], $_POST['new_password_confirmation']); $forms['password']['submitted'] = true; $forms['password']['status'] = $result['status']; $forms['password']['message'] = $result['message'];